IoT malware on the loose: Why should we worry?
Friday was a bad day for the internet. The Mirai malware code, released a short while ago by its author, is behind the unparalleled DDoS attack, even more aggressive than the one launched on KrebsOnSecurity last month.
The DNS (Domain Name System) is the backbone of the internet. In its simplest terms, it translates the domain name into an IP address and helps get the message across. If attacked, no website can be accessed. And that’s exactly what happened on Friday to Dyn and its managed DNS service.
This was huge because it was made up of some three DDoS attacks through an IoT botnet that generated 1 terabit of traffic. What started as an attack on US East coast servers soon spread globally, involving tens of millions of IPs. Multiple websites suffered service interruptions that took tremendous efforts to mitigate. Amazon, Spotify, Github, AirBnB, Twitter, PayPal, Netflix and Sony PlayStation networks were among companies affected.
“We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet,” wrote Kyle York, Chief Strategy Officer at Dyn. “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Why is this scary? Not only because it was so complex and at large scale, but also because it once again draws attention to connected devices, their lack of security and the disaster just waiting to happen when hackers figure out all exploit opportunities.
24 billion IoT devices are expected to exist by 2020 globally, or around 4 per person. Mirai literally turns IoT devices with weak passwords into weapons, and security researchers say it tries as many as 60 combinations of user names and passwords to get into a device.
A Chinese manufacturer has confirmed its devices were used in the attack. Described as a “capability test,” it has just been claimed by an international hacker group called New World Hackers, with members in Russia, China and India.
So far, we’ve dealt with compromised DVRs, printers and surveillance and home video devices. But poor security protocols are part of the technology, so soon hackers might attack entire cities or worse.
The internet was created free and open to proliferate innovation. How will these attacks affect its integrity? More, how will future cybersecurity strategies interfere with net neutrality?
What is medical identity theft and how to protect against it
July 27, 2022
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022