You have probably heard the term “the Internet of Things” (IoT) being bandied about, according to some it is the next big revolution after mobile, for others it is more hype than reality. The truth is somewhere in between. However one thing is sure the number of computing devices connected to the Internet is growing, and growing fast. It used to be just computers – desktops, servers and laptops – that were connected to the Internet but now almost everything has the potential to be online. From cars to door sensors, with everything in between, there are now an untold number of devices with Internet capabilities.
According to some research there will be over 6 billion connected devices in use worldwide by the end of 2016 and by 2020 that number will reach 20 billion. The reason all these devices are being put online is so that they can send information into the cloud where it can be processed and then used in some useful manner. You want to control your thermostat from your phone? Easy! You want to have security cameras which you can check while you are away? OK, as you wish.
However there is one problem with all of this connectivity, the link flows in two directions. If a device can send data up into the cloud, then also it can be contacted from the cloud. And this is where the issue of security arises. If a hacker can control IoT devices then chaos ensues.
Securing a system has traditionally been a battle of wits: the penetrator tries to find holes, and the designer tries to close them – Morrie Gasser, Building a Secure Computer System.
And that is what we saw recently when cyber-criminals launched a distributed denial of service (DDoS) attack on Dyn, a DNS provider for Twitter, SoundCloud, Spotify, Reddit and others. A DDoS attack aims to disrupt Internet services (like websites) so that users can access them. This brings frustration for the users and potential financial loss for the website. The reasons these attacks are “distributed” is because they use multiple (like thousands or tens of thousands) of computers across the world in a coordinated attack. Traditionally these computers have been Windows desktop PCs which have been infected with malware. At the right time the malware is activated and PC joins a”botnet”, a network of remote machines (bots) which stage the attack.
DDoS attacks aren’t new, however there was something very special about the attack on Dyn, this one was launched not via PCs, but via connected devices like DVR security cameras or network-attached storage devices. According to security expert Brian Krebs a new piece of malware was recently developed which scans the Internet for IoT devices and tries to connect to those devices. If a device allows some kind of simple access using factory default username & passwords then the malware connects and inserts a malicious payload.
For Full Story, Please click here.