On Friday OCT 21st, multiple highly calculated Distributed Denial Of Service (DDOS) attacks were launched against DYN, a major company involved with the routing of internet traffic. Some of the larger clients affected by this were Twitter, Amazon, Netflix and PayPal. A Denial Of Service attack is simply where a number of devices simultaneously generate an unbelievable amount of traffic targeted at the victim. In the case of DYN there were tens of millions of attacks distributed all over the world the simultaneously generated more traffic that they could handle. This basically stopped all legitimate traffic from getting to the company websites that they routed information too, thus they were effectively down. DYN was able to mitigate these multiple attacks within an hour each time they occurred, however it still affected the financials of many high traffic websites. Most of them were in the United States (Northeast and Mid-Southwest) and Eastern U.K.
Even though a DDOS attack does not do the harm a virus outbreak and ransomware attack can, it still can stop operations until the issue can be mitigated.
Why should I care?
The Internet Of Things (IoT) is the network of all things connected to the internet. It is no longer just computers and mobile devices. Now we are seeing devices like microwaves, refrigerators, alarm systems, smart TV’s, stereos, lighting controllers etc… entering the picture. Unfortunately, the makers of most of these devices are not concerned with security and thus they have little or no security engineered. Once the cyber attackers gain access to these devices, they can commandeer them to launch a coordinate attack like this DDOS attack on DYN. W
We know that the IoT’s were infected with the Miria botnet, and then they attacked DYN with the DDOS. Yes, appliances attacked a major web infrastructure company. AlienVault’s Javvad Malik tells us that “the Miria botnet is malware designed to take control of the BusyBox systems that are commonly used in IoT devices.”
The problem is there are so many IoT devices out there, and they have no update or easy fix for their lack of security. Many of these devices use default user names and passwords that cannot be easily changed. Cyberattacks will no doubt be launched more and more from our appliances, so to speak. Until fundamental security is architected into these systems they will be taken over for malicious use constantly. This will continue to get worse until we demand that these companies put in the security that these devices must have designed into them from the very beginning!
The post Caution on your next appliance purchase – SMART doesn’t make RIGHT appeared first on Greater Business Association - Houston, TX.