The Internet of Things (IoT) vulnerability to malware hackers

The Internet of Things (IoT) vulnerability to malware hackers

As Australia rapidly rolls out the smart electricity grid with smart meters for every household as an essential part of the $17 trillion Internet of Things (IoT)technological ‘revolution’, little heed is given for the grid/meters vulnerability to hackers. Already there have been reports of household wi-fi enabled appliances being hacked and there are concerns over the vulnerability of smart meters to being hacked.

A Brave New World or Hackers Heaven? Read on.

Don
********************

From The State of Security

IoT Botnets Fueling Bigger and Badder DDoS Attacks, Finds Report

David Bisson, Jan 24, 2017

Excerpt

2017 promises to be the most challenging year yet for information security professionals. The security community will need to defend users and organizations against a host of new digital threats. In preparation for the year ahead, infosec experts should take a moment to reflect on the operational hurdles confronting them and the strategies they can use to overcome those obstacles.

Arbor Networks, a developer of network security and network performance software, thinks this is a good idea. That explains why the company published its 12th annual Worldwide Infrastructure Security Report (WISR). The study offers insights provided by 356 professionals from tier 1 and tier 2/3 service providers, as well as hosting, mobile, enterprise and other types of network operators located around the world. Two-thirds of those participants identified as security, network, or operations personnel. Their answers cover November 2015 through October 2016….
SNIP
IoT botnets, such as those assembled by Mirai and other malware families, have helped created a new generation of powerful DDoS attacks. To illustrate, Arbor Networks detected a campaign whose attack traffic peaked at 800 Gbps – about 60 percent larger than the peak attack size detected in 2015. Overall, DDoS attacks have increased 7,900 percent in size since 2005. Infected IoT devices aren’t the only contributor behind larger DDoS attacks, either. Bad actors are also increasingly using reflection amplification to multiply the size of attack traffic hundreds of times. Those techniques come with the bonus of hiding the original attack source…
SNIP
Given the growing sophistication, size, and frequency of DDoS attacks, it’s no wonder Arbor Networks’ report found that these campaigns are causing a wider range of consequences. Dyn is by far the most immediate example of this trend. Even so, other organizations have also reported costs the likes of which we’ve never seen before.

Here’s a small taste:

* More than half (61 percent) of data center/cloud providers reported attacks that fully saturated data center bandwidth.
* Approximately a quarter of that same group of respondents said attacks exceeded 100,000 USD. Five percent noted costs that surpassed one million USD.
* Close to half (41 percent) of enterprise, government, and education (EGE) respondents told Arbor Networks that at least one DDoS attack exceeded their total internet capacity. Those types of attacks resulted in downtime costs above $500/minute.

SNIP

Read the full article here

AND:

Researchers Discover 500,000+ IoT Devices Vulnerable to Mirai Botnet
Maritza Santillan, Oct 10, 2016

Excerpt

The Mirai botnet has made plenty of headlines recently after launching record-breaking distributed denial-of-service (DDoS) attacks against the website of well-known security journalist Brian Krebs.Earlier this month, hackers publicly released the source code of the Internet of Things (IoT) botnet powered by easily hacked routers, IP cameras and digital video recorders, among other devices.

“The [Mirai] malware… spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords,” explained KrebsonSecurity.

The insecure IoT devices are then loaded with malicious software, transforming them into “bots” and forcing them to report to a central control server, which is utilized to launch massive DDoS attacks in an effort to knock websites offline. SNIP

Read the full article here

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s