The threats associated with the Internet of Things (IoT) were thrust back into the public eye this weekend after what some news sites have described as the largest internet blackout in US history.
The attacks targeted the Domain Name System (DNS) services of Dyn, an internet performance management company, preventing its servers from resolving DNS queries for many popular web services, including Amazon, Reddit, Twitter, GitHub and Spotify.
Who Was Responsible?
There has been much speculation about who was responsible after both ‘New World Hackers’ and ‘RedCult’ claimed responsibility.
Whilst the culprits and the actual size of the attack remain unclear, Dyn’s Chief Strategy Officer Kyle York has admitted the DDoS was in part facilitated by the Mirai malware, an IoT botnet that targets Linux-based IoT devices such as DVRs, CCTV systems and IP cameras.
It exploits devices that use default or simple passwords and was recently responsible for the record-breaking DDoS attacks against Brian Krebs and web-hosting company OVH. Perhaps in an effort to avoid law enforcement scrutiny in the wake of these high-profile attacks, Mirai's author recently leaked the malware's source code.
As expected, this has resulted in numerous botnets appearing and, now that the botnet’s capabilities are available to a much wider audience, identifying the original creator has become much harder.
Is There More to Come?
As if the previous record DDoS attacks were not enough of a wake-up call about the threat of IoT botnets, last week’s disruption serves as another key reminder of the importance of changing default passwords on internet-connected devices.
To mitigate the threat, end-users need to take more proactive action to secure their devices, but vendors can also assist by enforcing password changes upon installation.
Although some vendors take responsibility and release patches for insecure devices, the fact remains that the passwords on some equipment cannot be changed and there will still be plenty of unpatched devices available for malicious hackers to use.
Sooner or later an IoT botnet is likely to attack a service you or your business rely on, and a simple password change could help prevent your devices becoming part of the next attack.