IoT malware on the loose: Why should we worry?
Friday was a bad day for the internet. The Mirai malware code, released a short while ago by its author, is behind an unparalleled DDoS attack, one even more aggressive than the attack launched on KrebsOnSecurity last month.
The DNS (Domain Name System) is the backbone of the internet. In its simplest terms, it translates a domain name into an IP address so that traffic reaches the right server. If a DNS service is attacked and stops responding, the websites that depend on it cannot be reached. And that’s exactly what happened on Friday to Dyn and its managed DNS service.
The attack was huge: it consisted of some three DDoS attacks launched through an IoT botnet that generated 1 terabit of traffic. What started as an attack on US East Coast servers soon spread globally, involving tens of millions of IPs. Multiple websites suffered service interruptions that took tremendous effort to mitigate. Amazon, Spotify, GitHub, Airbnb, Twitter, PayPal, Netflix and Sony PlayStation networks were among the companies affected.
“We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet,” wrote Kyle York, Chief Strategy Officer at Dyn. “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Why is this scary? Not only because the attack was so complex and so large in scale, but also because it once again draws attention to connected devices, their lack of security and the disaster waiting to happen once hackers figure out every opportunity for exploitation.
24 billion IoT devices are expected to exist by 2020 globally, or around 4 per person. Mirai literally turns IoT devices with weak passwords into weapons, and security researchers say it tries as many as 60 combinations of user names and passwords to get into a device.
A Chinese manufacturer has confirmed its devices were used in the attack. The attack, described as a “capability test,” has just been claimed by an international hacker group called New World Hackers, with members in Russia, China and India.
So far, we’ve dealt with compromised DVRs, printers and surveillance and home video devices. But poor security protocols are part of the technology, so soon hackers might attack entire cities or worse.
The internet was created free and open to foster innovation. How will these attacks affect its integrity? Moreover, how will future cybersecurity strategies interfere with net neutrality?