After Years Of Warnings, Internet Of Things Devices To Blame For Big
Internet Attack
Hundreds of thousands of cameras, routers, and DVRs have been hijacked by
malware for use in massive denial of service attacks.
On Friday, a series of massive distributed denial of service
attacks disrupted access to major internet services including GitHub, Twitter,
Spotify, and Netflix.
The attackers apparently used tens
of thousands of hacked internet of things devices—household appliances such as
digital video recorders, security cameras, and internet routers—to generate a
massive amount of digital traffic. That digital noise was sent to Dyn, a domain name service
provider used by major online companies, disrupting its ability to translate
human-readable internet addresses into the IP addresses networks use to route
traffic.
The attack came after years of warnings from security experts that
the makers of many internet-enabled devices paid too little attention to
security, shipping internet-connected hardware with preset passwords, insecure
default connections, and other vulnerabilities.
"It is just a matter of time
until attackers find a way to profit from attacking IoT devices," a report from security firm
Symantec warned last year. "This may lead to connected toasters
that mine cryptocurrencies or smart TVs that are held ransom by malware.
Unfortunately, the current state of IoT security does not make it difficult for
attackers to compromise these devices once they see the benefit of doing
so."
Hackers and security researchers
have previously exploited vulnerabilities to get access to devices like baby monitors and webcams. Researchers
from security company Pen Test
Partners even demonstrated earlier this year how hackers could install
ransomware on an internet-connected thermostat, leaving victims sweltering or
shivering until a ransom is paid.
And in Friday’s attack, compromised
IoT devices were coordinated as part of a botnet—a network of hacked machines
essentially turned into remote-controlled robots by malware—dubbed Mirai.
Between 500,000 and 550,000 hacked devices around the world are now part of the
Mirai botnet, and about 10% of those were involved in Friday’s attack,
said Level 3 Communications
chief security officer Dale Drew on the internet backbone
provider's Periscope channel Friday.
"With a rapidly increasing
market for these devices and little attention being paid to security, the
threat from these botnets is growing," according to a blog post published by Level 3 just days
before the attack.
Mirai-controlled devices were also
key components in a September denial of service attack on Krebs on Security, the high-profile blog by security journalist Brian
Krebs that’s both required reading for many in the industry and a juicy target
for the hacking groups Krebs covers. At the time, Krebs reported that the
attack was the largest ever seen by content distribution network provider
Akamai, nearly twice the size of the existing record holder.
Devices compromised by Mirai have
been detected in at least 164 countries, researchers from security firm
Imperva reported earlier this
month, with the bot programmed essentially to scan wide swaths of the
internet looking for more devices with default or easily predictable passwords
that it can infect. It’s still not known who created the initial Mirai malware,
although the source code powering the botnet was released by a hacker using the
name Anna_Senpai earlier this month.
It’s also unclear whether the botnet’s initial creators are
directly behind the attack on Dyn or whether they’re effectively selling access
to the attackers.
"The person who’s buying time
on that botnet could be buying time on quite a few other botnets as well,"
Drew said on the Level 3 Periscope channel. The Department of Homeland Security
and Federal Bureau of Investigation have said they're
investigating Friday's attack.
Security experts advise users of IoT devices to take simple steps
like changing default passwords and installing any security updates that
manufacturers provide, but it can be difficult to make many such devices fully
secure against a determined hacker. Some manufacturers don't provide updates at
all, and some only provide them through an insecure online channel, letting
hackers effectively generate their own malicious updates, according to last
year’s Symantec report.
"Unfortunately, it is difficult for a user to secure their
IoT devices themselves, as most devices do not provide a secure mode of
operation," says the report, which also urges manufacturers to implement
basic security measures on their connected products.
Requiring users to set their own secure passwords when setting up
the devices, and disabling unneeded avenues for remote control, would help keep
hackers out, according to Level 3’s Mirai report.
Users can often also configure the devices to disable remote login
and use free tools to make sure those connections are actually
disabled, says Imperva.
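One way to run that check yourself, as an added example that is not from the article or from Imperva: a small Python script that connects to the remote-login ports on devices you administer and reports any that still answer. The port list (23, 2323, 22), the function names and the script name in the usage comment are assumptions of this example.

```python
import socket
import sys

# Remote-login ports to check. Assumption of this example: the article
# names no ports; 23/2323 are common Telnet ports and 22 is SSH.
REMOTE_LOGIN_PORTS = (23, 2323, 22)

def identify(host, port, timeout=2.0):
    """Return (state, service) for one TCP port on a device you administer.

    state is 'open', 'closed' (connection refused) or 'filtered' (no answer).
    service is guessed from the first bytes the device sends, so a login
    service moved to another port is still recognised.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(64)
            except OSError:          # timeout or reset: open, but silent
                banner = b""
    except ConnectionRefusedError:
        return "closed", None
    except OSError:                  # timeout, unreachable host, etc.
        return "filtered", None
    if banner.startswith(b"SSH-"):
        return "open", "ssh"
    if banner[:1] == b"\xff":        # Telnet option negotiation starts with IAC
        return "open", "telnet"
    return "open", "unknown"

def audit(hosts, ports=REMOTE_LOGIN_PORTS, timeout=2.0):
    """List every (host, port, service) where remote login is still reachable."""
    findings = []
    for host in hosts:
        for port in ports:
            state, service = identify(host, port, timeout)
            if state == "open":
                findings.append((host, port, service))
    return findings

if __name__ == "__main__":
    # Usage: python check_remote_login.py 192.168.1.20 192.168.1.21
    for host, port, service in audit(sys.argv[1:]):
        print(f"{host}:{port} still accepts connections ({service})")
```

An empty result means none of the listed ports accepted a connection from where the script ran; a device can still be reachable from the internet through a router port forward, so repeat the check from outside the network as well.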
"With over a quarter billion CCTV cameras around the world
alone, as well as the continued growth of other IoT devices, basic security
practices like these should become the new norm," says the company.
"Make no mistake; Mirai is neither the first nor the last malware to take
advantage of lackluster security practices."
STEVEN MELENDEZ
www.fastcompany.com