The threats associated with the Internet of Things (IoT) were thrust back into the public eye this weekend after what some news sites have described as the largest internet blackout in US history.
The attacks targeted the Domain Name System (DNS) services of Dyn, an internet performance management company, which prevented their servers from being able to resolve DNS queries for many popular web services including Amazon, Reddit, Twitter, GitHub and Spotify.
Who Was Responsible?
There has been much speculation about who was responsible after both ‘New World Hackers’ and ‘RedCult’ claimed responsibility.
Whilst the culprits and the actual size of the attack remain unclear, Dyn’s Chief Strategy Officer Kyle York has admitted the DDoS was in part facilitated by the Mirai malware, an IoT botnet that targets Linux-based IoT devices such as DVRs, CCTV systems and IP cameras.
It exploits devices that use default or simple passwords and was recently responsible for the record-breaking DDoS attacks against Brian Krebs and web-hosting company OVH. Perhaps in an effort to avoid law enforcement scrutiny in the wake of these high-profile attacks, Mirai's author recently leaked the malware's source code.
As expected, this has resulted in numerous botnets appearing and, now that the botnet’s capabilities are available to a much wider audience, identifying the original creator has become much harder.
Is There More to Come?
As if the previous record DDoS attacks were not enough of a wake-up call about the threat of IoT botnets, last week’s disruption serves as another key reminder of the importance of changing default passwords on internet-connected devices.
To mitigate the threat, end-users need to take more proactive action to secure their devices, but vendors can also assist by enforcing password changes upon installation.
Although some vendors take responsibility and release patches for insecure devices, the fact remains that the passwords on some equipment cannot be changed and there will still be plenty of unpatched devices available for malicious hackers to use.
Sooner or later an IoT botnet is likely to attack a service you or your business rely on, and a simple password change could help prevent your devices becoming part of the next attack.