
Trick or threat? How zombie IoT devices surprised the internet

01 Nov 2016

“Trick or treeeat!” Hearing kids yell that at your front door means one thing: if you don’t give them candy, you can count on being the target of some rather mean jokes.

Compared to that, millions of routers, security cameras and other IoT (Internet of Things) devices that knocked on the door of Dyn DNS a week before Halloween didn’t offer any such option. Instead, they formed one giant zombie army with a single malicious aim – to take down the internet and some of its most popular services.

ESET, as well as many other security vendors, accurately predicted that IoT security would become an important topic this year. However, the most frequently voiced concerns were that these devices might become a large source of leaked owner data, or might be targeted as a weak security link in home networks. But things don’t always turn out the way you expect, right?

Last week’s massive DDoS attacks, as well as hits on Brian Krebs’ website, have shown that private information wasn’t the main focus of cybercriminals – at least not for now. Their aim has been to gain control over millions of IoT devices and direct their power towards any target they choose.

What these attacks prove is that there are tens of millions of devices that can be exploited due to poor security practices such as employing default usernames or passwords or running vulnerable and out-of-date firmware.

And even though Dyn was able to mitigate the attacks in a matter of hours, this may only be the beginning of a “DDoS war” in the coming months.

To understand the possible scale, let’s look at the numbers. According to Gartner, there were close to five billion IoT devices on the market (including the automotive industry) by the end of 2015. If the same estimates are correct, in 2020 this figure will grow to over 25 billion.

Without a shift towards more security in the IoT field at all levels – ranging from producers, who need to build their software and hardware with security in mind, all the way to regulators, who have to put proper constraints in place to enforce higher standards – this problem could get much worse.

And let’s not forget about end users. Even you as a home user can contribute to the solution, in multiple ways:

  1. The first step would be to buy quality IoT devices that are up to current security standards, and to avoid cheap substitutes that are being built without a focus on this aspect.
  2. You can also run tests to find vulnerabilities in your hardware – such as default factory passwords or out-of-date software (firmware) – and change or patch them.
  3. Carefully set up the IoT devices that you already have at home, such as your router.

Article by Ondrej Kubovic, We Live Security
