Internet of Things devices are starting to pose a real threat to security for the sensible part of the web, Akamai’s chief security officer Andy Ellis has told The Register.
Speaking in the aftermath of the large DDoS against security journalist Brian Krebs, Ellis elaborated a little on the makeup of the botnet which took down Krebs’ website, saying it was mostly made up of hacked Internet of Things devices.
“We’ve noticed a strong overlap between the attack … and one of the botnets that we have been working at in modelling,” Ellis told El Reg, as he named the Kaiten malware as one of the vectors involved in the Krebs attack.
Kaiten has long been known as a source of IRC-controlled DDoS attacks. While the original chiefly targeted routers, this latest version also “targets DVRs and some cameras” according to Ellis.
During the attack against Krebs, Akamai jettisoned him from their DDoS mitigation service with two hours’ notice. Krebs was a pro bono customer and the sheer volume of traffic – 620Gbps – threatened to affect services for Akamai’s paying clients. Krebs later said he didn’t blame Akamai for taking the action they did, even though Google stepped in with its Project Shield service.
“This is a very concerning thing, looking at the prevalence of IoT and the ability for [the Krebs attackers] to throw around this volume of traffic,” Ellis said. “More research is being done on the adversary side to find out how to better take control of IoT devices, whether by means of a brute force attack using a known and common credential such as the [default] admin password, which gets them into a handful of routers out there, and then [the attackers start] leveraging the bandwidth of these end users.”