The Internet of Attacks: Disturbing Online IoT Trends

Disturbing Online IoT Trends

If you thought the worst thing to come out of the Internet of Things (IoT) trend for internet-connected devices was your mother in law’s daily reports on her smart refrigerator telling her she’s out of prune juice, then it’s time to think again.

People are understandably going wild for IoT devices. The technology is intriguing, many of the applications are becoming essential, and in a great deal of cases what these devices can do is just plain fun. The problem is that online attackers are just as fond of these devices, and they’re not using them to monitor their front doors or turn on the coffee maker while they’re still in bed. Instead, they’re using them for distributed denial of service (DDoS) attacks and data breaches.

DDoS dangers

When it comes to IoT devices, DDoS attacks and data breaches are two separate issues that stem from the same problem: lax security. In their rush to market, manufacturers largely have yet to prioritize security in their IoT devices, and while end users would be quick to secure an internet-connected device like a laptop, it just doesn’t seem to be thought of when it comes to smart devices like thermostats or baby monitors. As a result, the Internet of Things is populated by millions of devices using default usernames and passwords.

This is a problem because with a bit of Malware and expertise, an attacker can hijack an internet-connected device and control it remotely. This is how botnets are assembled. In essence, a botnet is a network of hijacked devices that are used to aim immense amounts of malicious traffic at websites, servers or other online services in what are called DDoS attacks. An unmitigated attack will push the website or service offline altogether, or slow it down to the point that it can’t be used.

Botnets have been a DDoS-causing problem for over 15 years, but with the security problems plaguing the IoT, the size of botnets as well as their resultant attacks are reaching never before seen proportions. It was an IoT botnet by the name of Mirai that was behind the record-smashing distributed denial of service attacks on French hosting provider OVH, online security blogger Brian Krebs and DNS provider Dyn at the end of 2016, and it will surely be IoT botnets behind the next record breakers, which could come at any time.

Vulnerable data

If an attacker can compromise a device in order to enlist it in a botnet, then an attacker can also compromise a device for its data. Financial information, health information and other sensitive and highly sellable data is ripe for the picking behind default user names and passwords in the IoT. This would be bad enough for individual users, but there is an untold number of smart devices in use by major organizations that are providing potential access to huge databases.

Forrester Research estimates that a whopping 500,000 IoT devices will be compromised in 2017, while other experts are predicting that the first big security breach that can be traced back to an IoT device will happen within the next two years, to say nothing of the smaller scale data breaches that could be occurring at this very moment.

A collaborative solution

A true solution to these IoT problems is frustratingly out of reach since it requires the cooperation of so many organizations and people, including a large number of manufacturers that need to incorporate better security in the firmware to cut down on Vulnerabilities. As a result, end users and website owners are left to secure their own devices and sites.

To begin securing your devices, change the default user names and passwords on them, no matter how ridiculous it may seem to set a password for, say, a thermostat. It’s also a good idea to disable WAN or remote access to your devices. You can use this open port finder to check for remote access on Telnet (23), SSH (22) and HTTP/HTTPS (80/443) ports.

To protect a website against the major threat posed by DDoS attacks, website owners need to invest in professional distributed denial of service mitigation. Scalable, cloud-based protection with a truly robust backbone will be able to handle attack attempts from botnets of all sizes, even IoT-powered botnets.

With a few simple steps and high-quality DDoS protection, your biggest IoT worry can once again be related to your mother in law and the world’s most boring use of smart devices. What a world.

Sponsored by Incapsula

By Gary Hanley

Cloud For Dummies.png
Disaster Plan.png
Disaster Recovery Plan.png
Hair Loss.png
Jen Klostermann
Why Marketing Is Important Those who ask themselves why marketing is important. Lets first start with Big Data. Big Data and its enhanced usefulness through advancing predictive analytics has changed the marketing game forever, and ...
Recognizing the Function of UX in Cloud Development
Recognizing the Function of UX Did you know that 50% of global corporate data is stored in the cloud? Little wonder many more businesses are working on moving their web-based applications to the cloud. A ...
Gary Bernstein
How IoT Cloud Services Stack Up Against DIY The ever-increasing mass adoption of IoT devices is leading to a consistent rise in the data generated through these devices. Large corporations are cashing on this opportunity ...
Mike Whitmire
The Role of Accounting Software Running and healthy and growing organization isn’t easy. There are many moving parts that contribute to business health and they need to work in unison. Accounting, unfortunately, is often seen ...
Cybersecurity Maturity Model Certification (CMMC)
The Rise Of The Corporate VPN Over the past few years, VPNs have become increasingly widely used by the general public. Initially, they were used exclusively by the tech-savvy and privacy obsessed, but as the ...