sb-nz logo
Story image

Internet of Things or Internet of Trouble?

The recent cyber-attack in the United States via the Internet of Things has re-focused attention on the potential threat for New Zealand. 

The source of the angst was default usernames and passwords, and a piece of malware called Mirai that scans the internet for devices still with factory default or static usernames and passwords.  

Mirai took control of those devices, turning them into bots in a united force to overload networks and servers with multiple requests resulting in slow speeds or even shutdowns.

The impact was significant with the distributed denial of service (DDoS) attack against Dyn, a managed DNS provider, crippling sites including Twitter, Netflix, Spotify, Reddit and many others.

According to local cloud IT services company, Dynamo6, the event has highlighted the potential for the same to happen in New Zealand.

“While there are no NZ statistics on how many people don’t change default passwords and usernames, the figures are likely to be similar to overseas, which opens us up to attack. If this happens, there’s potential for damage to our reputation as an easy and open place for business,” says Igor Matich, managing director, Dynamo6.

“But the problem doesn’t only lie with consumers but also with manufacturers and vendors of IoT devices.  Better practices need to be adopted to make sure devices are cloud managed and use cloud identities for configuration,” he says.   

An example is the Google OnHub router that uses a Google account to manage the device along with a dedicated mobile app.  In this way a trusted account is used and also linked to other key identities rather than some other user account setup and stored on the device itself.

“Anyone can produce an IoT device and this is worrying when there aren’t proper standards and practices,” Matich says. 

To the unsuspecting consumer these IoT devices may seem like a great idea for a smart home or office but without the necessary infrastructure they can leave the door open to major security issues, similar to what happened across the US,” he explains.

Matich says IoT devices should never remain on the Internet without ongoing security updates and management. This should happen as a matter of course however, with the eagerness of companies to capitalise on the IoT trend the importance of this can be forgotten.

“The best piece of advice is to only buy from a trusted vendor and always change the default username and password, and update them regularly.  There are many corners being cut in the rush but this risks a major security breach that would harm New Zealand’s international reputation,” he explains.

Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Video: 10 Minute IT Jams – A glimpse inside a ransomware cell
This is our second IT Jam with SonicWall senior manager of product marketing Brook Chelmo, and in this video Brook walks us through his one-on-one experience with a member of a ransomware cell. More
Story image
Acronis expands global data centre network, including new facilities in NZ
The expansion ensures that the full range of Acronis Cyber Protection Solutions will be available to partners and organisations around the world.More
Story image
Cybersecurity market continues meteoric ascent - damages to reach $6 trillion
With the increase in cyberattacks, organisations are continuing to spend more money on security. However, without a focused cybersecurity strategy, they often spend it in the wrong areas.More