**4. Security factors in IoT**

*Bioethics in Medicine and Society*

larger numbers.

Another aspect to be mentioned as a reference to the vulnerability of the IoT is related to the pandemic caused by COVID-19, whose attacks in the first half of 2020 increased alarmingly worldwide [19], in particular on websites of medical organizations, educational and administrative platforms, online gaming platforms and delivery services of various kinds. With this type of attack, it was shown that cybercriminals were not very interested in the social and humanitarian factor.

It is worth mentioning that DDoS attacks require poorly configured computer networks and servers, which once hijacked are connected to a Zombie network (**Figure 2**). This strategy applied to IoT devices acts as a connection bridge to be used as digital weapons of attack and espionage, expanding the coverage of the zombie network, boosting thousands or millions of times the level of request to the servers targeted by the attack. The problem with an attack on this scale is that the IoT is in continuous growth, that as [20] affirms only by 2020 there will be more than 50 billion connected devices (omnipresent) in cities, that is more than the estimated world population for this date (7.5 billion). Now, with the problem of the pandemic, there are hundreds of projects that promote the IoT for the permanent monitoring of cities, homes, hospitals and transportation systems among other critical systems of cities in the coming years, all aimed at minimizing future pandemics, for causing the number of devices to skyrocket to significantly

Another issue to take into account is related to metropolitan security, in which technologies such as cameras, sensors and drones are increasingly being incorporated, connected via IoT devices and mobile telephony. In the worst case scenario, when hacking this type of infrastructure, a city would be at the mercy of an attacker having access to infinite data. Now, this type of attack would not only be orchestrated by organized crime and terrorists, but by the governments themselves and the military, as noted above, with the exclusive purpose of monitoring each

*Graphical representation of a distributed denial of service (DDoS) attack on an IoT system. As can be seen, a set of botnet is used to attack the victim, which in this case is a server that manages information from devices related to the IoT. The result of this attack is to have access to the database hosted on the server, to the control of* 

**256**

**Figure 2.**

*the network connected to it and to the IoT devices.*

In terms of security, the IoT presents various weaknesses depending on the type of technology and application it is given, where DDoS takes advantage of, as do other variants such as low-speed DDoS (LDDoS) [26], which hides its traffic equivalent to normal traffic. Its origin is based on LDoS attack methods, which include variants such as reduction of quality (RoQ ) and application servers (LoRDAS attacks). Another type of weakness attributed to the protection of information is focused on the service provider (DPS), which apart from implying additional costs, can lead to a decrease in the performance of the service and security problems, so you must be careful with whom you contract x and y services.

There are security proposals for the IoT, such as: collaborative defense using VNF (Virtual Network Functions), the use of DOTS protocols (DDoS Open Threat Signaling) [27], the exchange of events based on FLow (FLEX) and obfuscation techniques [28], among others. Although they are very good proposals, the problem is still open in establishing ideal protocols that allow confronting large-scale DDoS attacks, in which a greater degree of sophistication, duration and frequency is increasingly observed. In this sense, the use of Artificial Intelligence (AI) initially allows detection using techniques such as advanced neural networks [29] and machine learning [30], among others [31, 32].

One aspect that relates the IoT to AI and cybersecurity, are the failures at the hardware level. For example, design errors in Intel, AMD and ARM processors detected in the kernels, which were exploited by the Meltdown and Specter malware [33]. These errors allowed these malwares to access key parts of the processors by stealing security keys [34]. These failures have opened controversy, whether they were really design problems or were left on purpose for industrial or government espionage, hence policies have been implemented where countries such as the United States, China and Russia, among others, develop their own processor technology to minimize the risk of spying or hijacking in the event of a cyberattack. The implications of this type of attack show the fragility that exists in technology, where the common user has no idea what may be happening with their personal information stored on any electronic device. Seen in this way, society's ever-increasing dependence on technology poses new challenges in terms of security, which must

be carefully reviewed, since one would be at the mercy of government cybercrime without even knowing it.

In the case of IoT, it is that as the collection and analysis of information from various devices increases, not only the industrial and services sector (Industry 4.0) is compromised, but the entire technological infrastructure on which society is based, increasing the security risks, where data grows at ever increasing rates exceeding the Exabyte order. Just imagine the unauthorized access by organized crime or governments to predictive systems, not only in the industrial field, but also in the military, financial, health and critical infrastructures, among others, kidnapping and/or modifying information with impunity, the damage would be practically irreparable adding to a high cost of lives.

## **5. Implications of the IoT in the healthcare sector**

The IoT is increasingly being incorporated into the health sector from different fronts, even under other disruptive disciplines such as E-health (or e-health) composed of technologies such as: electronic medical record, E-learning, B-Learning, telehealth that includes telemedicine, Mobile-Health, among others. Also, the Wearables are found along this same line; considered as electronic devices for permanent monitoring of vital signs, detection of arrhythmias, measurement of glucose levels and biometric marker systems, among other functions. These devices are usually found in a person through accessories such as: watches, bracelets, glasses, rings, underwear and outerwear, among other elements, so in this context the IoT changes to the term Internet of Wearables Things (IoWT) [35, 36]. In the case of disease monitoring through the biosignal registry, the term Internet of Medical Things (IoMT) has been coined [37], which uses devices with RFID (Radio Frequency identification) and NFC (Near Field Communication), being useful for monitoring biosignals in clinical and epidemiology trials and research, facilitating obtaining real-time data and conducting traceability studies and identification of variables, communication between devices and patient location; this makes it easier for medical personnel to offer personalized attention and follow-up on a certain treatment.

It goes without saying that spending on IoT solutions for health care will exceed one trillion dollars in the coming years, this in part because of COVID-19 and other variables such as the increase in the number of people who pass into the elderly and the increase in chronic diseases that demand special care, where technology contributes its own in this regard.

All these technologies collect a large amount of medical data permanently from human activities, which as [38] points out, with the use of IoT allows access to massive data on population health and although its individual use is of enormous benefit for clinical medicine, on a large scale it represents a revolution for global health. This leads us to think about the responsibility that falls on those who have access to this information and the risk that it falls into the wrong hands. Therefore, the concern about the security of this data is justified, since its interception and manipulation imply a risk and violation of the patient's privacy rights, added to the irreparable damage that this entails to their family and health institutions, so it requires a detailed study on these aspects, as stated [39–42].

The truth of all this is that the volume of data grows continuously, demanding new technologies for both storage and processing, such as data science, big data, artificial intelligence and cloud computing among others, all of them managed through communication networks. In terms of security, the institutions establish policies aimed at minimizing the risk and vulnerabilities of these systems.

**259**

solution.

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

However, the probability of a computer attack is latent, and as has been pointed out, it can come from various sources, which are not only external but internal. For example, active or inactive dissatisfied personnel who provide information about the infrastructure of the hospital's communication systems to third parties, bribes and corporate infiltration, among other factors, make guaranteeing the security of clinical information a real challenge not only for the personnel in charge, but for each person who works in the institution. It goes without saying that it only requires a device failure to facilitate unauthorized access to a network and, therefore, to the

Well managed IoT and its variants like IoWT and IoMT reduce security flaws, but they are not eliminated. Seeing this problem on a large scale, a country's health system can be compromised, let us remember that in 2020 there were attempts to hack hospitals and research centers that were working on the vaccine and control of COVID-19. Therefore, no institution is safe from a cyberattack and even less if they have profit, political or terrorist purposes. Let us just imagine the scenario of a politician, activist or social leader, who is hacked into clinical information by intervening, deliberately and selectively altering procedures and/or medication in order to threaten his life. Although it sounds cinematic, the possibility is real, in the same way, various IoT devices can be intervened to monitor and intercept information. In reality, without going into conspiratorial arguments, there are no limits to what can be done when you have free access to sensitive information from an organization, particularly clinical data. The task of exploiting the vulnerabilities of an IoT system is not easy, but neither is it impossible, since there are various techniques, software resources and online services such as the Deep Web and Darknet that allow this task to be carried out systematically in a relatively short time. In the government field, their agencies have unlimited resources to carry out DDoS attacks, so they are more difficult to detect and track, so they are literally ghosting

Cloud computing is understood as a model of information technology service on demand, which makes available to users a vast network of servers on which various types of applications run, storage and processing of large volumes of information and internet services on demand, business solutions, among others. For this, it uses three models of Cloud services: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service), where each one differs in terms of

Due to its scalable characteristics of cloud computing, the management of information for the management of IoT technologies and related projects such as big data, advanced analytics and artificial intelligence, among others, is unlimited, so large and small companies hire this type of service, since they do not require their own technological infrastructure minimizing costs, just as the information is available at any time and place. As an additional fact, there are currently three major cloud computing service providers: Amazon with its Amazon Web Services solution, Microsoft with its Azure solution and Google through its Google Cloud

As for big data, it refers to the treatment of large amounts of data, in which storage and processing models are used by which it seeks to find repetitive patterns that allow generating knowledge. In this sense, sensitive aspects of the use of Big Data are presented in the framework of public policies, in which security, data ownership, privacy and ethical framework of use are established as the main factor. From

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

information that circulates through it.

that move on the network, even from the deep web itself.

storage capacity, services and security, among others.

**6. Cloud computing and big data**

#### *Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

However, the probability of a computer attack is latent, and as has been pointed out, it can come from various sources, which are not only external but internal. For example, active or inactive dissatisfied personnel who provide information about the infrastructure of the hospital's communication systems to third parties, bribes and corporate infiltration, among other factors, make guaranteeing the security of clinical information a real challenge not only for the personnel in charge, but for each person who works in the institution. It goes without saying that it only requires a device failure to facilitate unauthorized access to a network and, therefore, to the information that circulates through it.

Well managed IoT and its variants like IoWT and IoMT reduce security flaws, but they are not eliminated. Seeing this problem on a large scale, a country's health system can be compromised, let us remember that in 2020 there were attempts to hack hospitals and research centers that were working on the vaccine and control of COVID-19. Therefore, no institution is safe from a cyberattack and even less if they have profit, political or terrorist purposes. Let us just imagine the scenario of a politician, activist or social leader, who is hacked into clinical information by intervening, deliberately and selectively altering procedures and/or medication in order to threaten his life. Although it sounds cinematic, the possibility is real, in the same way, various IoT devices can be intervened to monitor and intercept information.

In reality, without going into conspiratorial arguments, there are no limits to what can be done when you have free access to sensitive information from an organization, particularly clinical data. The task of exploiting the vulnerabilities of an IoT system is not easy, but neither is it impossible, since there are various techniques, software resources and online services such as the Deep Web and Darknet that allow this task to be carried out systematically in a relatively short time. In the government field, their agencies have unlimited resources to carry out DDoS attacks, so they are more difficult to detect and track, so they are literally ghosting that move on the network, even from the deep web itself.

## **6. Cloud computing and big data**

Cloud computing is understood as a model of information technology service on demand, which makes available to users a vast network of servers on which various types of applications run, storage and processing of large volumes of information and internet services on demand, business solutions, among others. For this, it uses three models of Cloud services: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service), where each one differs in terms of storage capacity, services and security, among others.

Due to its scalable characteristics of cloud computing, the management of information for the management of IoT technologies and related projects such as big data, advanced analytics and artificial intelligence, among others, is unlimited, so large and small companies hire this type of service, since they do not require their own technological infrastructure minimizing costs, just as the information is available at any time and place. As an additional fact, there are currently three major cloud computing service providers: Amazon with its Amazon Web Services solution, Microsoft with its Azure solution and Google through its Google Cloud solution.

As for big data, it refers to the treatment of large amounts of data, in which storage and processing models are used by which it seeks to find repetitive patterns that allow generating knowledge. In this sense, sensitive aspects of the use of Big Data are presented in the framework of public policies, in which security, data ownership, privacy and ethical framework of use are established as the main factor. From

*Bioethics in Medicine and Society*

without even knowing it.

irreparable adding to a high cost of lives.

**5. Implications of the IoT in the healthcare sector**

be carefully reviewed, since one would be at the mercy of government cybercrime

In the case of IoT, it is that as the collection and analysis of information from various devices increases, not only the industrial and services sector (Industry 4.0) is compromised, but the entire technological infrastructure on which society is based, increasing the security risks, where data grows at ever increasing rates exceeding the Exabyte order. Just imagine the unauthorized access by organized crime or governments to predictive systems, not only in the industrial field, but also in the military, financial, health and critical infrastructures, among others, kidnapping and/or modifying information with impunity, the damage would be practically

The IoT is increasingly being incorporated into the health sector from different fronts, even under other disruptive disciplines such as E-health (or e-health) composed of technologies such as: electronic medical record, E-learning, B-Learning, telehealth that includes telemedicine, Mobile-Health, among others. Also, the Wearables are found along this same line; considered as electronic devices for permanent monitoring of vital signs, detection of arrhythmias, measurement of glucose levels and biometric marker systems, among other functions. These devices are usually found in a person through accessories such as: watches, bracelets, glasses, rings, underwear and outerwear, among other elements, so in this context the IoT changes to the term Internet of Wearables Things (IoWT) [35, 36]. In the case of disease monitoring through the biosignal registry, the term Internet of Medical Things (IoMT) has been coined [37], which uses devices with RFID (Radio Frequency identification) and NFC (Near Field Communication), being useful for monitoring biosignals in clinical and epidemiology trials and research, facilitating obtaining real-time data and conducting traceability studies and identification of variables, communication between devices and patient location; this makes it easier for medical personnel to offer personalized attention and follow-up on a certain

It goes without saying that spending on IoT solutions for health care will exceed one trillion dollars in the coming years, this in part because of COVID-19 and other variables such as the increase in the number of people who pass into the elderly and the increase in chronic diseases that demand special care, where technology con-

All these technologies collect a large amount of medical data permanently from

The truth of all this is that the volume of data grows continuously, demanding new technologies for both storage and processing, such as data science, big data, artificial intelligence and cloud computing among others, all of them managed through communication networks. In terms of security, the institutions establish policies aimed at minimizing the risk and vulnerabilities of these systems.

human activities, which as [38] points out, with the use of IoT allows access to massive data on population health and although its individual use is of enormous benefit for clinical medicine, on a large scale it represents a revolution for global health. This leads us to think about the responsibility that falls on those who have access to this information and the risk that it falls into the wrong hands. Therefore, the concern about the security of this data is justified, since its interception and manipulation imply a risk and violation of the patient's privacy rights, added to the irreparable damage that this entails to their family and health institutions, so it

requires a detailed study on these aspects, as stated [39–42].

**258**

treatment.

tributes its own in this regard.

this perspective, the immunity of cloud computing against attacks from all types of malware was affirmed a few years ago, however, this changed, demonstrating that no system is infallible and even less against DDoS. In fact, there is evidence of DDoS-type attacks and their taxonomy on cloud computing, as indicated by [43], in which they expose the types and various counter-attack measures (detection, prevention and tolerance techniques) for mitigate DDoS attacks.

Based on the foregoing, it is worth noting that when a cloud computing system is perpetrated, it is because the attacker has managed to gain access as administrator to one of the system nodes, so he can do whatever he pleases with the data by putting in serious trouble to its objective, in which it literally has in its hands the most important asset of an organization, which is information. These types of failures are usually attributed to human failures, either due to ignorance, negligence or complicity of the administrator or a worker.

The synergy of disruptive technologies such as IoT + Big Data + Cloub computing + IA allows the creation of an unparalleled technological infrastructure for the recording, analysis, processing and storage of massive data, where the intervention of the human being will be increasingly scarce. Taking into account that, in the following years the number of IoT devices will grow exponentially, the noted synergy will be increasingly robust and autonomous with a level of security that guarantees that the information is well protected. However, it is clear that DDoS attack techniques are also evolving, giving way to what can be called intelligent distributed denial of service (IDDoS), in which advanced algorithmic techniques of artificial intelligence are integrated to attack AI-based infrastructures.

### **7. Crytohacking**

This type of attack is constantly growing, employing malware that has the ability to hijack cloud computing systems. It is aimed at large corporations and cryptocurrency exchange houses, using the computational power of mobile devices as an attack center, mining it with cryptocurrencies, making the user believe that they are rewarded under the assumption that they are carrying out large transactions under the blockchain model. In this context, crypto hacking resembles a DDoS attack with the difference that it not only hijacks computers, servers and web pages, but also smart mobile devices, which by mining them with cryptocurrencies can make fraudulent transactions at the cost of the victim, winning money secretly, since it is not possible to make a traceability with respect to the transactions that have been carried out. An example of malware with these characteristics is coinhive and cryptoMiner [44], discovered in multinational companies such as Tesla and Avira.

One problem that continues to grow is communication with anonymous networks and the Darknet (which involves the Deep web and the Dark web). This type of network, in principle, is intended to facilitate the access and flow of information in countries whose restriction of free expression does not allow open communication. However, this network is also used for criminal purposes which, as [45] points out, is used to commit computer crimes, share compromised files (personal, pornographic, confidential, illegal software, etc.) or for the sale of goods and services prohibited. The anonymity provided by the Darknet guarantees user navigation without any restriction compared to the conventional internet, so special browsers and protocols are required [46]. For this, it is common to use ".onion" extension that guarantees an anonymous IP to access the TOR network, or networks such as ZeroNet, FreeNet or I2P.

A peculiarity of the Darknet is that, although attacks are carried out from within, it shows itself to be highly flexible, dynamic and robust enough to adapt,

**261**

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

thus minimizing collateral damage, which is a notable differential characteristic with respect to the standard Internet. Based on this fact, when the Darknet is used for the purpose of hacking with cryptocurrencies, the probability of success is high because it operates under the blockchain model and distributed ledger [47]. This type of attack is in continuous growth parallel to ransomware, due to the ease of anonymously hijacking a device connected to the internet, added to the incessant increase in legal and illegal operations using the Blockchain as a cryptocurrency monetary system. For example, due to the particular technical and technological characteristics of the Darknet, it facilitates the exchange of sensitive information [48] between organized crime and terrorist groups, making it impossible for the authorities to intercept such as laundering. of money, planning and coordination of attacks, drug trafficking, tax evasion, hit men, kidnapping, extortion, child

Therefore, the combination of the blockchain with the Deep Web creates the ideal environment for the flow of legal or illegal information, in which it literally becomes almost impossible to trace [49], considering this cyberspace as a no man's land, where DDoS-type operations, among others, are carried out without any legal or police problem. Now, it should be noted that not only crime makes use of this type of network, but also government and military entities [50], institutions of higher education and research, among others, in which it seeks to guarantee

Ransomware is a type of cyberattack that is characterized by encrypting the files stored on a computer or web page by encoding them, where the victim must pay with cryptocurrencies for their ransom, which is why it is difficult to trace their origin or destination. This type of attack is constantly evolving in the way of encrypting information, using more sophisticated and robust algorithms that seek to hide the trail of the attacker, the form of payment and attacks on systems such as the cloud. As things are going, this type of attack will be more destructive and lethal, since it is combined with DDoS to enhance its level of hijacking, where the targets have been shifting from small companies to financial systems and industry, government and military structures and Critical infrastructures, which compromise their information and the operation of all their systems, paralyzing them, with the possibility of deleting or subtracting records and modifying them according to

The ransomware only requires to hijack a few computers that are not updated in terms of security or to install itself by tricking its victims. Also, this malware (for example, Ekans) can be installed in SCADA-type systems [51] that are connected to the internet or to a local network whose security measures are deficient. What is critical about this type of attack is that it can be scalable, as long as the communication network infrastructure allows it, that is, when there is vulnerable software and hardware such as routers and other network devices. Also, other types of malware can be used to make way for ransomware, letting them carry out the tasks for which they were created and programmed, and then having the information as best suited. In this sense, the IoT with its various variants is not exempt from a ransomwaretype attack, especially if the devices are being managed and/or administered by

The use of ransomware for targeted attacks (individuals or companies) is a great resource for organized crime, although at present it has diversified as it is a multiplatform malware, which allows it to affect Linux, Windows and MacOS operating

anonymity and minimize risk of theft of critical information.

servers or mobile devices with an ephemeral degree of security.

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

pornography, sale of weapons, etc.

what the attacker or his contractor wants.

**8. Ransomware**

#### *Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

thus minimizing collateral damage, which is a notable differential characteristic with respect to the standard Internet. Based on this fact, when the Darknet is used for the purpose of hacking with cryptocurrencies, the probability of success is high because it operates under the blockchain model and distributed ledger [47]. This type of attack is in continuous growth parallel to ransomware, due to the ease of anonymously hijacking a device connected to the internet, added to the incessant increase in legal and illegal operations using the Blockchain as a cryptocurrency monetary system. For example, due to the particular technical and technological characteristics of the Darknet, it facilitates the exchange of sensitive information [48] between organized crime and terrorist groups, making it impossible for the authorities to intercept such as laundering. of money, planning and coordination of attacks, drug trafficking, tax evasion, hit men, kidnapping, extortion, child pornography, sale of weapons, etc.

Therefore, the combination of the blockchain with the Deep Web creates the ideal environment for the flow of legal or illegal information, in which it literally becomes almost impossible to trace [49], considering this cyberspace as a no man's land, where DDoS-type operations, among others, are carried out without any legal or police problem. Now, it should be noted that not only crime makes use of this type of network, but also government and military entities [50], institutions of higher education and research, among others, in which it seeks to guarantee anonymity and minimize risk of theft of critical information.

#### **8. Ransomware**

*Bioethics in Medicine and Society*

administrator or a worker.

AI-based infrastructures.

**7. Crytohacking**

this perspective, the immunity of cloud computing against attacks from all types of malware was affirmed a few years ago, however, this changed, demonstrating that no system is infallible and even less against DDoS. In fact, there is evidence of DDoS-type attacks and their taxonomy on cloud computing, as indicated by [43], in which they expose the types and various counter-attack measures (detection,

Based on the foregoing, it is worth noting that when a cloud computing system is perpetrated, it is because the attacker has managed to gain access as administrator to one of the system nodes, so he can do whatever he pleases with the data by putting in serious trouble to its objective, in which it literally has in its hands the most important asset of an organization, which is information. These types of failures are usually attributed to human failures, either due to ignorance, negligence or complicity of the

The synergy of disruptive technologies such as IoT + Big Data + Cloub computing + IA allows the creation of an unparalleled technological infrastructure for the recording, analysis, processing and storage of massive data, where the intervention of the human being will be increasingly scarce. Taking into account that, in the following years the number of IoT devices will grow exponentially, the noted synergy will be increasingly robust and autonomous with a level of security that guarantees that the information is well protected. However, it is clear that DDoS attack techniques are also evolving, giving way to what can be called intelligent distributed denial of service (IDDoS), in which advanced algorithmic techniques of artificial intelligence are integrated to attack

This type of attack is constantly growing, employing malware that has the ability to hijack cloud computing systems. It is aimed at large corporations and cryptocurrency exchange houses, using the computational power of mobile devices as an attack center, mining it with cryptocurrencies, making the user believe that they are rewarded under the assumption that they are carrying out large transactions under the blockchain model. In this context, crypto hacking resembles a DDoS attack with the difference that it not only hijacks computers, servers and web pages, but also smart mobile devices, which by mining them with cryptocurrencies can make fraudulent transactions at the cost of the victim, winning money secretly, since it is not possible to make a traceability with respect to the transactions that have been carried out. An example of malware with these characteristics is coinhive and cryptoMiner [44], discovered in multinational companies such as Tesla and Avira. One problem that continues to grow is communication with anonymous networks and the Darknet (which involves the Deep web and the Dark web). This type of network, in principle, is intended to facilitate the access and flow of information in countries whose restriction of free expression does not allow open communication. However, this network is also used for criminal purposes which, as [45] points out, is used to commit computer crimes, share compromised files (personal, pornographic, confidential, illegal software, etc.) or for the sale of goods and services prohibited. The anonymity provided by the Darknet guarantees user navigation without any restriction compared to the conventional internet, so special browsers and protocols are required [46]. For this, it is common to use ".onion" extension that guarantees an anonymous IP to access the TOR network, or networks such as

A peculiarity of the Darknet is that, although attacks are carried out from within, it shows itself to be highly flexible, dynamic and robust enough to adapt,

prevention and tolerance techniques) for mitigate DDoS attacks.

**260**

ZeroNet, FreeNet or I2P.

Ransomware is a type of cyberattack that is characterized by encrypting the files stored on a computer or web page by encoding them, where the victim must pay with cryptocurrencies for their ransom, which is why it is difficult to trace their origin or destination. This type of attack is constantly evolving in the way of encrypting information, using more sophisticated and robust algorithms that seek to hide the trail of the attacker, the form of payment and attacks on systems such as the cloud. As things are going, this type of attack will be more destructive and lethal, since it is combined with DDoS to enhance its level of hijacking, where the targets have been shifting from small companies to financial systems and industry, government and military structures and Critical infrastructures, which compromise their information and the operation of all their systems, paralyzing them, with the possibility of deleting or subtracting records and modifying them according to what the attacker or his contractor wants.

The ransomware only requires to hijack a few computers that are not updated in terms of security or to install itself by tricking its victims. Also, this malware (for example, Ekans) can be installed in SCADA-type systems [51] that are connected to the internet or to a local network whose security measures are deficient. What is critical about this type of attack is that it can be scalable, as long as the communication network infrastructure allows it, that is, when there is vulnerable software and hardware such as routers and other network devices. Also, other types of malware can be used to make way for ransomware, letting them carry out the tasks for which they were created and programmed, and then having the information as best suited. In this sense, the IoT with its various variants is not exempt from a ransomwaretype attack, especially if the devices are being managed and/or administered by servers or mobile devices with an ephemeral degree of security.

The use of ransomware for targeted attacks (individuals or companies) is a great resource for organized crime, although at present it has diversified as it is a multiplatform malware, which allows it to affect Linux, Windows and MacOS operating

systems alike. For example, the Tycoon ransomware. That said, the attack can vary, encrypting personal or corporate files (web server, for example WastedLocker), locking the PC screen (lock screen), locking the hard drive and backups, blocking access to a mobile device, etc. The problem does not end here, since, at the time of the seizure of information, the attacker has unlimited access to the information, which allows the tracking of other potential victims, their computers and networks. An example that occurred in mid-2020 was through the Netwaklker malware, in which critical information was seized from the migration computer systems in the United States, which contained data from the Federal Intelligence Agency, some embassies and consulates, in which was asked for a ransom in the amount of 4 million dollars. It was not paid for it, but it exposed the vulnerabilities to which any system considered safe is found.

The ransomware attack feature consists of hiding it within files, which when executed by the victim installs a Trojan in the operating system, which internally begins to make changes to some registries, such as the keyboard, disables the antivirus and any other program security, among other critical protection functions. The next step is to connect to the victim's network that is supposed to be vulnerable and enter via remote connection from the computer's desktop, which uses various protocols such as RDP (Remote Desktop Protocol) - Also, previously through social engineering, having guessed the password, but rather employ a brute force attack to find it. In general, there are a large number of tools to violate the system. Then, the process of encrypting files on the computer begins, including critical databases such as backups that correspond to servers -physical or in the cloud-, although more recently ransomware has been found that also encrypts data stored on network drives. Once the encryption is completed, the victim receives a message indicating immediate payment for the information seized through cryptocurrencies, otherwise it will be destroyed. Being able to decrypt ransomware is complex, especially since some of them already use symmetric encryption algorithms such as Galois/Counter (GCM) mode3 with a length of 16 bytes.

### **9. Artificial intelligence and advanced persistent threats**

Although publications about cyberattacks using software based on artificial intelligence (AI) are scarce, it does not imply that they do not exist, since what is least wanted is publicity about it. AI can be used to find vulnerabilities in software such as hardware connected to a network, where appropriate equipment and resources are required for this purpose. For example, data can be searched on the darknet on activities related to clients or organizations that may be compromised and involve a security threat that is exploited by cybercriminals; this includes documentation and private information that has been infiltrated (personal and financial information, intellectual property, access credentials, etc.).

AI has already started to play a critical role when it comes to cybersecurity. Currently security companies use predictive models based on machine learning combined with neural networks and other disruptive technologies, in order to anticipate attacks on computer systems and critical infrastructures, as well as detect what is happening in a particular network. From this perspective, reverse engineering it to carry out attacks based on found vulnerabilities is viable, where robust datasets used as libraries can be used for brute force attacks. In fact, the creation of AI algorithms with programming that attacks certain systems already exists, the control of which is carried out by "intelligent" malware.

Although it is based on an assumption, with AI applied to carry out cyberattacks it compromises all the security of a system, including the lives of people and

**263**

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

of the different governmental and industrial organizations of a nation.

the communication protocols in the packaging of data in a network.

blocking or hijacking using a DDoS-type attack is feasible.

demonstrated by the DeepXplore intelligent system [55].

**10. Discussion from the bioethical plane**

society in general. An attack of this type would be planned to be executed on several fronts, using various resources such as advanced persistent threats (APT), DDoS, ransomware and other intelligent malware, hijacking certain critical systems, temporarily disabling them or destroying them, in such a way that any functionality or functionality collapsed. Operation of these in cyberspace, in this particular case

AI can not only threaten the security of an organization but that of any country, which can be orchestrated by organized criminal groups or by groups funded by governments and militia. An example of this are APTs, which are a highly specialized type of malware that is custom designed to infect and disable systems at the software and hardware level. The objective of this type of malware is the theft, modification, destruction, espionage and sabotage of industrial and corporate information. APTs possess stealth type attack traits, combining advanced encryption techniques with close polymorphic algorithms with AI. [52] points out that APTs can persist inside a computer system for a long time without being detected, taking advantage of the vulnerabilities of the infrastructure or the architecture of

Based on the above, an APT is a cyber weapon designed for specific attacks on targets, particularly critical infrastructure. From this perspective, the IoT is no exception to an attack of this type, since communication between devices can be intercepted and disabled or modified. This is because APTs can leak through software or hardware that is not properly protected and from there scale the systems, so

APTs are exclusive, so they are not abundant on the internet, this is because their managers are not just any organized criminal group, but governments, rival corporations and large criminal syndicates that have unlimited financial, technical and technological resources, which allows them undertake this type of development and carry out targeted cyberattacks. Under this model [53] point out that a variant of the APT called S-APT is used, whose action is focused on creating attack vectors

The IoT within the framework of industry 4.0 increasingly incorporates AI in its developments, where connectivity to the internet and mobile devices is constantly increasing. Under this scenario, the introduction of an APT or malware similar to these technologies taking advantage of their vulnerabilities is feasible, either when they are already on the market or from their own manufacture, as demonstrated by [54]. Consequently, countless plausible scenarios are opening up to carry out cyberattacks, to and from drones, autonomous vehicles, advanced robots (military, industrial, leisure, etc.), smart electrical grids, even the IoT infrastructure that a smart city has. Consequently, the concern arises of programming errors in AI-based systems, which are exploited and taken advantage of to violate other systems, as

In the IoT industry, the term Edge Computing has recently been coined, which is the next step in Cloud Computing technology, in which all the information from intelligent IoT devices connected to a network is collected, to be stored and processed in large database repositories arranged for this purpose. The implications of this new proposal are broad and complex, because the data collected from sensors and various devices, combined with advanced AI algorithms, make inferences that lead to decision-making both human and automated devices. The density of data and its variety under this scheme will increase exponentially for the next few years,

based on disinformation strategies within the framework of the military.

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

#### *Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

society in general. An attack of this type would be planned to be executed on several fronts, using various resources such as advanced persistent threats (APT), DDoS, ransomware and other intelligent malware, hijacking certain critical systems, temporarily disabling them or destroying them, in such a way that any functionality or functionality collapsed. Operation of these in cyberspace, in this particular case of the different governmental and industrial organizations of a nation.

AI can not only threaten the security of an organization but that of any country, which can be orchestrated by organized criminal groups or by groups funded by governments and militia. An example of this are APTs, which are a highly specialized type of malware that is custom designed to infect and disable systems at the software and hardware level. The objective of this type of malware is the theft, modification, destruction, espionage and sabotage of industrial and corporate information. APTs possess stealth type attack traits, combining advanced encryption techniques with close polymorphic algorithms with AI. [52] points out that APTs can persist inside a computer system for a long time without being detected, taking advantage of the vulnerabilities of the infrastructure or the architecture of the communication protocols in the packaging of data in a network.

Based on the above, an APT is a cyber weapon designed for specific attacks on targets, particularly critical infrastructure. From this perspective, the IoT is no exception to an attack of this type, since communication between devices can be intercepted and disabled or modified. This is because APTs can leak through software or hardware that is not properly protected and from there scale the systems, so blocking or hijacking using a DDoS-type attack is feasible.

APTs are exclusive, so they are not abundant on the internet, this is because their managers are not just any organized criminal group, but governments, rival corporations and large criminal syndicates that have unlimited financial, technical and technological resources, which allows them undertake this type of development and carry out targeted cyberattacks. Under this model [53] point out that a variant of the APT called S-APT is used, whose action is focused on creating attack vectors based on disinformation strategies within the framework of the military.

The IoT within the framework of industry 4.0 increasingly incorporates AI in its developments, where connectivity to the internet and mobile devices is constantly increasing. Under this scenario, the introduction of an APT or malware similar to these technologies taking advantage of their vulnerabilities is feasible, either when they are already on the market or from their own manufacture, as demonstrated by [54]. Consequently, countless plausible scenarios are opening up to carry out cyberattacks, to and from drones, autonomous vehicles, advanced robots (military, industrial, leisure, etc.), smart electrical grids, even the IoT infrastructure that a smart city has. Consequently, the concern arises of programming errors in AI-based systems, which are exploited and taken advantage of to violate other systems, as demonstrated by the DeepXplore intelligent system [55].

## **10. Discussion from the bioethical plane**

In the IoT industry, the term Edge Computing has recently been coined, which is the next step in Cloud Computing technology, in which all the information from intelligent IoT devices connected to a network is collected, to be stored and processed in large database repositories arranged for this purpose. The implications of this new proposal are broad and complex, because the data collected from sensors and various devices, combined with advanced AI algorithms, make inferences that lead to decision-making both human and automated devices. The density of data and its variety under this scheme will increase exponentially for the next few years,

*Bioethics in Medicine and Society*

system considered safe is found.

(GCM) mode3 with a length of 16 bytes.

**9. Artificial intelligence and advanced persistent threats**

information, intellectual property, access credentials, etc.).

control of which is carried out by "intelligent" malware.

Although publications about cyberattacks using software based on artificial intelligence (AI) are scarce, it does not imply that they do not exist, since what is least wanted is publicity about it. AI can be used to find vulnerabilities in software such as hardware connected to a network, where appropriate equipment and resources are required for this purpose. For example, data can be searched on the darknet on activities related to clients or organizations that may be compromised and involve a security threat that is exploited by cybercriminals; this includes documentation and private information that has been infiltrated (personal and financial

AI has already started to play a critical role when it comes to cybersecurity. Currently security companies use predictive models based on machine learning combined with neural networks and other disruptive technologies, in order to anticipate attacks on computer systems and critical infrastructures, as well as detect what is happening in a particular network. From this perspective, reverse engineering it to carry out attacks based on found vulnerabilities is viable, where robust datasets used as libraries can be used for brute force attacks. In fact, the creation of AI algorithms with programming that attacks certain systems already exists, the

Although it is based on an assumption, with AI applied to carry out cyberattacks it compromises all the security of a system, including the lives of people and

systems alike. For example, the Tycoon ransomware. That said, the attack can vary, encrypting personal or corporate files (web server, for example WastedLocker), locking the PC screen (lock screen), locking the hard drive and backups, blocking access to a mobile device, etc. The problem does not end here, since, at the time of the seizure of information, the attacker has unlimited access to the information, which allows the tracking of other potential victims, their computers and networks. An example that occurred in mid-2020 was through the Netwaklker malware, in which critical information was seized from the migration computer systems in the United States, which contained data from the Federal Intelligence Agency, some embassies and consulates, in which was asked for a ransom in the amount of 4 million dollars. It was not paid for it, but it exposed the vulnerabilities to which any

The ransomware attack feature consists of hiding it within files, which when executed by the victim installs a Trojan in the operating system, which internally begins to make changes to some registries, such as the keyboard, disables the antivirus and any other program security, among other critical protection functions. The next step is to connect to the victim's network that is supposed to be vulnerable and enter via remote connection from the computer's desktop, which uses various protocols such as RDP (Remote Desktop Protocol) - Also, previously through social engineering, having guessed the password, but rather employ a brute force attack to find it. In general, there are a large number of tools to violate the system. Then, the process of encrypting files on the computer begins, including critical databases such as backups that correspond to servers -physical or in the cloud-, although more recently ransomware has been found that also encrypts data stored on network drives. Once the encryption is completed, the victim receives a message indicating immediate payment for the information seized through cryptocurrencies, otherwise it will be destroyed. Being able to decrypt ransomware is complex, especially since some of them already use symmetric encryption algorithms such as Galois/Counter

**262**

exceeding zettabytes (1021 bytes), so technologies such as 5G, next-generation communication networks including the quantum internet, will accelerate and optimizing information traffic without saturating networks by reducing latency, incorporating other tools such as Edge/Fog Computing. It is worth mentioning that these technologies are characterized by the fact that the data is managed in the form of a chain of blocks or blockchain to guarantee a high level of security, which may possibly be migrated to specific applications such as the health field, minimizing the risk of compromising clinical information from the patients.

In the case of edge computing, it does not work alone apart from IoT, but is linked to other technologies such as Mobile Cloud Computing [56] and Collaborative Mobile Edge Computing [57], an example in this regard, are the Google Cloud IoT technologies, which are active in today's market. As they are considered as emerging technologies, the level of security is still in question, so the risk of compromising sensitive information of users and services through a cryptohacking attack is high. Let us remember that the security infrastructure in the cloud is high, but not that of the IoT, added to the bad practices that inevitably lead to unauthorized access to a network.

Normally, unnecessary or insecure network services are activated, being exposed to attacks where unauthorized control of any service can be assumed, violating the confidentiality, integrity, authentication or availability of the information. Along the same lines, there are often interfaces that are managed by proprietary or third-party devices, such as mobile applications, data repositories in the cloud, the corporate website itself and the backend APIs. These flaws lead to vulnerabilities such as weak encryption (or lack thereof) on the data circulating on the network, as well as the absence of input/output filters.

Other common failures found in IoT devices are: failure to update firmware or manage related processes such as encrypting in transit and validating updates without appropriate mechanisms for doing so; use of insecure or outdated software components and libraries; inappropriate use of personal information stored on a device whose degree of security is questionable, in addition to the absence of a formal permission or informed consent; absence of data encryption and access control.

There are variants of the IoT, such as the industrial and services field, known as the Internet of Robotized Things (IoRT), which is gaining strength due to the continuous industrialization that demands the attention of robots, particularly in industrialized countries. There is also the Internet of Things on the Battlefield (IoTotBF) [58]; which combines various advanced communication network technologies (including quantum ones) with massively interconnected systems, thus taking warfare to a new level of technicality. In this context, the technicality of the military is increasing and AI together with robotics are frequently used in the development of new intelligent weapons, of which there is no guarantee that something can go wrong in the field of cybersecurity. Viewed in this way as [59], oversight at the cybersecurity level by human operators is going to be increasingly difficult, if not impossible. This opens a strong discussion about the role of the human being in military operations, since the responsibility of decision-making is transferred to a machine about destroying a target in which it implies the death of innocents.

From the above, a number of questions are presented related to how to minimize the risk of a cyber-attack on a military infrastructure with technologies such as IoTotBF or similar, by foreign militias, terrorist groups, organized crime or by advanced automatic systems based on AI. We must not forget that the militias of various nations of the world are constantly developing new robotic and cybernetic technologies, aimed at improving their attack and defense systems while minimizing the number of casualties.

**265**

victims.

*Internet of Things and Distributed Denial of Service as Risk Factors in Information Security*

further accentuated with the advent of next generation technologies.

The IoT presents great benefits for society, as well as great challenges in terms of security, due to its integration with various standard and advanced communication technologies, which manage multiple devices in the home, industry, health and transportation, among others. This trend must be taken into consideration not only by manufacturers and governments, but by society itself, since the risk of information collection by third parties is high and the uncertainty of its handling remains between said. In fact, the tradeoffs of transparency in the management of information by governments and large corporations are critical, and this problem will be

As for cyberattacks such as DDoS combined with other techniques mentioned throughout the chapter, the spectrum of damage to private and public computer networks is broadened, including devices connected to it such as the IoT, mobile devices and other emerging technologies. In this sense, the authorities and governments in general must take the potential cyberattacks that can be carried out on critical infrastructures such as health very seriously, since not only information is compromised, but people's lives are compromised. For example, zero-day or volume-based DDoS attacks, which are difficult to avoid due to the speed with which they run. In fact, it only takes one flaw for a botnet to saturate its target's network and fully control it. Along the same lines, there are other types of more sophisticated, highly destructive and selective attacks that take control of a system, such as protocol attacks, in this case TCP directed at networks that communicate with servers, firewalls (physical and logical), gateways and load balancers, where

To recap, although the attacks mentioned in this document are attributed to organized groups, a person with minimal knowledge could put an institution, industry and even a nation in serious trouble, since some of the information to create malware does not It is only found on the Darknet, but on the conventional internet, where with a minimal payment you can find programs to create ransomware and other types of computer viruses. Likewise, you can hire the service of any type of malware, the packages are sold on the dark web for reasonable prices, even malware kits. Most of the public is unaware of this type of thing and in this way is exposed to their personal or corporate information being stolen by cybercriminals. Based on what is stated in this document, it is evident that special attention must be paid to privacy, ethical, bioethical and legal aspects, security and rights, among other elements that threaten human dignity. Under this fact, there is a constant concern about the unauthorized access and manipulation of personal and massive data concentrated in technologies such as big data, IoT, cloud computing, among others, which contain sensitive information at a clinical, ethnic, sociocultural, economic, financial and industrial, etc., which require a thorough examination from the bioethical and biopolitical point of view that guarantee respect for the protection of information. At this point, a number of elements arise to evaluate, because not only is reference being made to the seizure of information and sale of it to third parties, but also to irreparable damage to the individual in terms of inequity or damage generated by the interference to the private life of the victim or

Under the exposed characteristics of a cyberattack, the violation in terms of property, rights, use, exploitation, maintenance and licenses for the administration of massive data, means little or nothing for the attackers, but if a great legal, ethical weight, bioethics and security for the organization and/or personnel in charge of managing and administering this data. From this point of view, there are gray areas regarding the formulation of public policies that guarantee an adequate safeguard on the property of the data, protection and prohibition of use for other purposes, so it is expected that in the coming years letters will be taken on this matter will

*DOI: http://dx.doi.org/10.5772/intechopen.94516*

damage to an infrastructure can be severe.

#### *Internet of Things and Distributed Denial of Service as Risk Factors in Information Security DOI: http://dx.doi.org/10.5772/intechopen.94516*

The IoT presents great benefits for society, as well as great challenges in terms of security, due to its integration with various standard and advanced communication technologies, which manage multiple devices in the home, industry, health and transportation, among others. This trend must be taken into consideration not only by manufacturers and governments, but by society itself, since the risk of information collection by third parties is high and the uncertainty of its handling remains between said. In fact, the tradeoffs of transparency in the management of information by governments and large corporations are critical, and this problem will be further accentuated with the advent of next generation technologies.

As for cyberattacks such as DDoS combined with other techniques mentioned throughout the chapter, the spectrum of damage to private and public computer networks is broadened, including devices connected to it such as the IoT, mobile devices and other emerging technologies. In this sense, the authorities and governments in general must take the potential cyberattacks that can be carried out on critical infrastructures such as health very seriously, since not only information is compromised, but people's lives are compromised. For example, zero-day or volume-based DDoS attacks, which are difficult to avoid due to the speed with which they run. In fact, it only takes one flaw for a botnet to saturate its target's network and fully control it. Along the same lines, there are other types of more sophisticated, highly destructive and selective attacks that take control of a system, such as protocol attacks, in this case TCP directed at networks that communicate with servers, firewalls (physical and logical), gateways and load balancers, where damage to an infrastructure can be severe.

To recap, although the attacks mentioned in this document are attributed to organized groups, a person with minimal knowledge could put an institution, industry and even a nation in serious trouble, since some of the information to create malware does not It is only found on the Darknet, but on the conventional internet, where with a minimal payment you can find programs to create ransomware and other types of computer viruses. Likewise, you can hire the service of any type of malware, the packages are sold on the dark web for reasonable prices, even malware kits. Most of the public is unaware of this type of thing and in this way is exposed to their personal or corporate information being stolen by cybercriminals.

Based on what is stated in this document, it is evident that special attention must be paid to privacy, ethical, bioethical and legal aspects, security and rights, among other elements that threaten human dignity. Under this fact, there is a constant concern about the unauthorized access and manipulation of personal and massive data concentrated in technologies such as big data, IoT, cloud computing, among others, which contain sensitive information at a clinical, ethnic, sociocultural, economic, financial and industrial, etc., which require a thorough examination from the bioethical and biopolitical point of view that guarantee respect for the protection of information. At this point, a number of elements arise to evaluate, because not only is reference being made to the seizure of information and sale of it to third parties, but also to irreparable damage to the individual in terms of inequity or damage generated by the interference to the private life of the victim or victims.

Under the exposed characteristics of a cyberattack, the violation in terms of property, rights, use, exploitation, maintenance and licenses for the administration of massive data, means little or nothing for the attackers, but if a great legal, ethical weight, bioethics and security for the organization and/or personnel in charge of managing and administering this data. From this point of view, there are gray areas regarding the formulation of public policies that guarantee an adequate safeguard on the property of the data, protection and prohibition of use for other purposes, so it is expected that in the coming years letters will be taken on this matter will

*Bioethics in Medicine and Society*

unauthorized access to a network.

exceeding zettabytes (1021 bytes), so technologies such as 5G, next-generation communication networks including the quantum internet, will accelerate and optimizing information traffic without saturating networks by reducing latency, incorporating other tools such as Edge/Fog Computing. It is worth mentioning that these technologies are characterized by the fact that the data is managed in the form of a chain of blocks or blockchain to guarantee a high level of security, which may possibly be migrated to specific applications such as the health field, minimizing

In the case of edge computing, it does not work alone apart from IoT, but is linked to other technologies such as Mobile Cloud Computing [56] and Collaborative Mobile Edge Computing [57], an example in this regard, are the Google Cloud IoT technologies, which are active in today's market. As they are considered as emerging technologies, the level of security is still in question, so the risk of compromising sensitive information of users and services through a cryptohacking attack is high. Let us remember that the security infrastructure in the cloud is high, but not that of the IoT, added to the bad practices that inevitably lead to

Normally, unnecessary or insecure network services are activated, being exposed to attacks where unauthorized control of any service can be assumed, violating the confidentiality, integrity, authentication or availability of the information. Along the same lines, there are often interfaces that are managed by proprietary or third-party devices, such as mobile applications, data repositories in the cloud, the corporate website itself and the backend APIs. These flaws lead to vulnerabilities such as weak encryption (or lack thereof) on the data circulating on

Other common failures found in IoT devices are: failure to update firmware or manage related processes such as encrypting in transit and validating updates without appropriate mechanisms for doing so; use of insecure or outdated software components and libraries; inappropriate use of personal information stored on a device whose degree of security is questionable, in addition to the absence of a formal permission or informed consent; absence of data encryption and access

There are variants of the IoT, such as the industrial and services field, known as the Internet of Robotized Things (IoRT), which is gaining strength due to the continuous industrialization that demands the attention of robots, particularly in industrialized countries. There is also the Internet of Things on the Battlefield (IoTotBF) [58]; which combines various advanced communication network technologies (including quantum ones) with massively interconnected systems, thus taking warfare to a new level of technicality. In this context, the technicality of the military is increasing and AI together with robotics are frequently used in the development of new intelligent weapons, of which there is no guarantee that something can go wrong in the field of cybersecurity. Viewed in this way as [59], oversight at the cybersecurity level by human operators is going to be increasingly difficult, if not impossible. This opens a strong discussion about the role of the human being in military operations, since the responsibility of decision-making is transferred to a machine about destroying a target in which it implies the death of innocents. From the above, a number of questions are presented related to how to minimize the risk of a cyber-attack on a military infrastructure with technologies such as IoTotBF or similar, by foreign militias, terrorist groups, organized crime or by advanced automatic systems based on AI. We must not forget that the militias of various nations of the world are constantly developing new robotic and cybernetic technologies, aimed at improving their attack and defense systems while minimiz-

the risk of compromising clinical information from the patients.

the network, as well as the absence of input/output filters.

**264**

ing the number of casualties.

control.

require the collaboration of various groups of experts and disciplines that seek to minimize risks, both in the handling of massive data, and in cyberattacks by various means.
