The Internet of Things and cyber-threats of 2017
How did an army of everyday appliances shut down half of the Internet? IoT devices are popular, but without security in place they pose a serious threat.
Distributed Denial of Service (DDoS) attacks saw a 71 per cent increase in Q3 2016 when compared to Q3 2016. We’ve compiled a list of cyber-threats that you’ll need to look out for this year, including one you would never expect.
Even the most mundane of home appliances are now members of the internet.
Unacknowledged risks with the Internet of Things
The Internet of Things (IoT) is defined as the widespread integration of devices into the public internet. For consumers, this is realised in smart televisions that stream video from a tablet or a remote media server, washing machines that automatically order fabric softener, and thermostats that respond to voice command.
Even the most mundane of home appliances are now part of the internet, but these simple devices require complex technology to communicate. Many consumer devices deploy an IP stack – a set of network protocol layers that work together – and contain a tiny network interface card to do so.
Cyber threats that live inside our machines
There are two accompanying threats with IoT devices that present the greatest cyber risk of 2017; botnets and DDoS attacks.
A bot is a computer within your network that has been compromised by a discreet program installed and hidden within the system. The program runs in the background, under the control of a remote attacker. Usually, bots aren’t used against your business; instead, your machines are recruited as unknowing participants in an orchestrated attack on the malicious individual’s true target.
As the bot programs only use a fraction of a machine’s resources, they’re small enough to often remain undetected. A botnet is a connected web of these machines, with the labour of the DDoS attack distributed among them.
In a DDoS attack, the enslaved machines send intermittent streams of junk data to a single target, such as a critical corporate server. The target server becomes so overloaded in an attempt to sort the incoming junk from important data that it becomes inoperable. This could result in a total shutdown of critical corporate systems and an enterprise of employees unable to work. It could mean a vital revenue-generating application is unavailable, such as your mobile banking app or online retail store.
Botnets are so colossal that security systems can’t block individual IP addresses fast enough.
The day our devices shut down the internet
The Domain Name System (DNS) is the phonebook service of the internet, and without it, nobody can find anything.
On October 21, 2016, a DDoS attack of unprecedented scale was launched against a major DNS infrastructure company, Dyn. With the DNS service unavailable, a swath of customers were unable to access major websites such as Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, and the PlayStation Network (PSN).
There is also no easy fix for an attack of this magnitude. Botnets are so colossal that security systems can’t ban individual IP addresses fast enough; they are so dispersed that blocking a specific geographical section is pointless.
So how was the staggering attack on Dyn achieved? Potentially, with an army of toasters.
Shortly after the botnet launched, Dyn reported “tens of millions” of messages from around the globe, sent by seemingly harmless, but internet-connected, devices including printers, IP cameras and baby monitors.
“It could be your DVR, it could be a CCTV camera, a thermostat. I even saw an internet-connected toaster on Kickstarter yesterday,” said Kyle York, Dyn’s chief strategy officer.
Until 2-factor authentication becomes mainstream, password integrity is more crucial than ever
If we aren’t conscious of security requirements, IoT appliances that are recruited into a botnet will remain unsecure and co-optable into the foreseeable future. Casual individuals are lax with security setup for their IoT devices, and the default passwords often remain the same. Because, after all, who would ever hack a toaster?
With bring your own device (BYOD) encouraged amongst employees, and both cloud storage and IoT devices appearing in every part of our lives, businesses need sophisticated protection for their networks and increased security awareness policies.
At Telarus, we live and love IT. To discover how we can help you address cyber security within your business, get in touch with our team today.