2 min read

IoT malware on the loose: Why should we worry?

Luana PASCU

October 24, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
IoT malware on the loose: Why should we worry?

Friday was a bad day for the internet. The Mirai malware code, released a short while ago by its author, is behind the unparalleled DDoS attack, even more aggressive than the one launched on KrebsOnSecurity last month.

The DNS (Domain Name System) is the backbone of the internet. In its simplest terms, it translates the domain name into an IP address and helps get the message across. If attacked, no website can be accessed. And that’s exactly what happened on Friday to Dyn and its managed DNS service.

This was huge because it was made up of some three DDoS attacks through an IoT botnet that generated 1 terabit of traffic. What started as an attack on US East coast servers soon spread globally, involving tens of millions of IPs. Multiple websites suffered service interruptions that took tremendous efforts to mitigate. Amazon, Spotify, Github, AirBnB, Twitter, PayPal, Netflix and Sony PlayStation networks were among companies affected.

“We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet,” wrote Kyle York, Chief Strategy Officer at Dyn. “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”

Why is this scary? Not only because it was so complex and at large scale, but also because it once again draws attention to connected devices, their lack of security and the disaster just waiting to happen when hackers figure out all exploit opportunities.

24 billion IoT devices are expected to exist by 2020 globally, or around 4 per person. Mirai literally turns IoT devices with weak passwords into weapons, and security researchers say it tries as many as 60 combinations of user names and passwords to get into a device.

A Chinese manufacturer has confirmed its devices were used in the attack. Described as a “capability test,” it has just been claimed by an international hacker group called New World Hackers, with members in Russia, China and India.

So far, we’ve dealt with compromised DVRs, printers and surveillance and home video devices. But poor security protocols are part of the technology, so soon hackers might attack entire cities or worse.

The internet was created free and open to proliferate innovation. How will these attacks affect its integrity? More, how will future cybersecurity strategies interfere with net neutrality?

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read