Pagoda Blog


How Hackers Used the Internet of Things (IoT) to Launch the World’s Largest Cyberattack

December 1, 2016
Image: Public Domain CC0 1.0

We are increasingly connected to the internet through everyday objects, from smartwatches and phones to smart fridges and heating systems. As of this year, an estimated 6.4 billion things are connected to the internet, and this number is expected to increase to a staggering 21 billion by 2020.

 

This connected world is known as the internet of things (IoT), and its convenience comes with a price. The incredibly fast growth of the IoT has opened us up to more vicious and widespread cyberattacks as the number of entry points increases and the level of security across devices fails to keep up. The danger of expanding the IoT without taking proper security measures was demonstrated by the recent distributed denial-of-service (DDoS) attack in October that took down at least a dozen major websites, including Twitter and Netflix.

 

A dangerous infrastructure

 

DDoS attacks work by sending a massive amount of traffic to a website, slowing it to a crawl and eventually causing it to crash. The IoT has created a network of billions of connected cameras, smartphones, laptops and other smart devices, creating the opportunity for widespread DDoS attacks.

 

On October 21, Dyn, a cloud-based internet performance management company whose clients are Fortune 500 companies like Twitter, Netflix, Airbnb, Spotify, and Reddit, was the victim of a massive DDoS attack. The attack targeted hundreds of thousands of XiongMai Technologies digital video recorders and IP cameras that were shipped with weak default passwords. Tens of millions of IP addresses were hacked through devices infected with the Mirai botnet. It was the largest DDoS attack to date, and the IoT was to blame.

 

“I truly think this IoT infrastructure is very dangerous on the whole and does deserve attention from anyone who can take action,” said Allison Nixon, director of research for the security firm Flashpoint, in a post from Krebs on Security.

 

Image: Creative Commons iPad Workstation by Matthew Pearce. CC BY 2.0

 

 

Not the first attack, and it won’t be the last

 

These devices aren’t the only connected objects with vulnerable security systems. The breach in Target’s point-of-sale system in 2013, for example, was made possible by first accessing the firm managing the company’s HVAC systems. The bottom line is that as we’ve expanded the IoT, we have failed to also expand the security systems that protect these connected devices - a dangerous oversight that could jeopardize the foundation of a free and open internet.

 

Hopefully, the most recent attack will spur companies that manufacture IoT devices to invest in security systems that can at least mitigate the effects of future attacks. Even better, our government could pass security policy that defines security standards for connected devices, allowing for the continued expansion of the IoT without compromising our ability to openly use the internet for innovating, connecting, and collaborating on a global level.

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Pagoda Technologies is a globally recognized IT support company doing business in Santa Cruz, San Jose and all over the world that works to help businesses and their IT departments run smoothly and efficiently. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a no-cost business assessment.

 



