On 21 October 2016, something happened that could have been straight out of a science fiction movie. Many parts of the Internet, which we take for granted, stopped working. Twitter went down; Airbnb and Spotify were inaccessible. Even security expert Brian Krebs’s blog was shut down. It was as if the Internet had stopped working. What had occurred was a massive distributed denial-of-service (DDoS) attack. The difference between this attack and most others is that instead of targeting an individual website, it targeted a centralized service provided by the vendor Dyn. Dyn offers services, including routing of incoming traffic, so that heavily used sites, such as Twitter, can offer better service to their visitors. The DDoS hackers took a hit-the-mothership approach to deliver a much more widespread impact, bringing down multiple websites.
DDoS attacks are increasing in frequency and size. Security experts, including Krebs, believe that this new breed of DDoS attack is only possible because of the Internet of Things (IoT), which is acting like a modern-day Trojan horse carrying the capability en masse to carry out a cyberattack.
IoT devices, being connected via the Internet to cloud servers and each other, have a wide reach and can control our fridges, heating controls and much of our modern lives. This highly distributed connectivity is a hacker's dream. The IoT has the potential to be a massive interconnected web of hacker tools that can be switched on for hacking whenever needed. If an IoT device is infected with malware, such as botnet malware, then it can also connect back to the hacker via the Internet. Infected IoT devices act like a massive distributed collective, working together as highly effective cybercrime tools and using the combined power of many devices to effect their sinister outcome.
The underlying reason why IoT can be hijacked in this manner has to do with the security approach of IoT manufacturers. The rush to market of many IoT devices has had some negative implications, one of which is security. Many devices have serious security vulnerabilities, and vendors may not be efficient with updates. Other security issues also exist, e.g., insecure software components, unencrypted or poorly encrypted communications, or insecure protection of the wireless network password for the home network where the device resides. Weaknesses like these effectively add a backdoor into the device that can be exploited, which is what happened during the Dyn attack. The Dyn DDoS attack was traced back to IoT devices that were infected with malware known as Mirai. Mirai was built to run scans across IoT connected devices looking for known security vulnerabilities, in particular, weak usernames and passwords. Mirai then uses dictionary attacks or tries to log in with well-used default credentials. Once it has access, the infection begins.
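A defender's view of the login behaviour described above, as an added example that is not part of the original article: Python code that flags any source trying several usernames across several devices within a short window, and notes which devices it then logged in to. The log format, hostnames, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, documentation-range IPs).
SAMPLE_LOG = """\
2016-10-21T11:10:01Z cam-01 telnetd: login failed user=admin src=203.0.113.7
2016-10-21T11:10:02Z cam-01 telnetd: login failed user=root src=203.0.113.7
2016-10-21T11:10:05Z dvr-02 telnetd: login failed user=support src=203.0.113.7
2016-10-21T11:10:06Z dvr-02 telnetd: login ok user=root src=203.0.113.7
2016-10-21T11:12:40Z cam-01 telnetd: login failed user=alice src=198.51.100.20
2016-10-21T11:12:55Z cam-01 telnetd: login ok user=alice src=198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) telnetd: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse(log):
    """Return sorted (time, host, result, user, src) tuples; skip unparseable lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["host"], m["result"], m["user"], m["src"]))
    return sorted(events)

def find_credential_sweeps(log, window=timedelta(minutes=5), min_users=3, min_hosts=2):
    """Map each sweeping source to the hosts/users it tried and hosts it got into."""
    by_src = defaultdict(list)
    for ev in parse(log):
        by_src[ev[4]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[2] == "failed"]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - first[0] <= window]
            users, hosts = {e[3] for e in burst}, {e[1] for e in burst}
            if len(users) >= min_users and len(hosts) >= min_hosts:
                # A successful login from the same source once the sweep has
                # started marks a device to isolate and re-credential first.
                hit = sorted({e[1] for e in evs if e[2] == "ok" and e[0] >= first[0]})
                findings[src] = {"hosts": sorted(hosts), "users": sorted(users),
                                 "compromised": hit}
                break
    return findings
```

A single mistyped password followed by a successful login, like the second source in the sample, stays below both thresholds and is not flagged.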
To keep your IoT devices secure, read the full article on ISACA's website.
About the Author
Avani Desai is a Principal and the Executive Vice President at Schellman. Avani has more than 15 years of experience in IT attestation, risk management, compliance and privacy. Avani’s primary focus is on emerging healthcare issues and privacy concerns for organizations. Named as one of the 2017 Global Leaders in Consulting by Consulting Magazine, she has also been featured and published in the ISSA Journal, ITSP Magazine, ISACA Journal, Information Security Buzz, Healthcare Tech Outlook, and many more.