According to MarketsandMarkets, the Internet of Things market size is estimated to grow from USD 157.05 billion in 2016 to USD 661.74 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 33.3% from 2016 to 2021. All industry verticals are undergoing a huge transformation in a bid to move toward affordable, accessible, and quality services for their customers.
All these developments excite us because we see the growth of technology and innovation. At the same time, however, IoT cyber security threats take away that excitement and leave us in a confusing and alarming position. Let’s look at the IoT DDoS attack of October 2016 and how it brought down major sites like Twitter, Reddit, and PayPal.
The brutal IoT DDoS cyber attack of October 21, 2016, which took place at Dyn (a major provider of DNS services), made many Internet platforms and services unavailable to large swathes of users in Europe and North America.
Dyn was hit by two large and complex DDoS attacks, from approximately 11:10 UTC to 13:20 UTC and then again from 15:50 UTC until 17:00 UTC. The attacks targeted its managed DNS infrastructure, causing service interruptions across the internet for people on the East Coast. They had a significant impact on Dyn’s customers and their end users before they were successfully mitigated by Dyn’s Engineering and Operations teams.
Like a typical DDoS attack, this attack was conducted by directing a huge amount of bogus traffic at Dyn’s targeted servers, bringing down many major company websites like Netflix, Reddit, GitHub, Verizon, PayPal, Twitter, AirBnB, Fox News, the New York Times, and the PlayStation network for a few hours. As is typically observed in a DDoS attack, bandwidth on Dyn’s managed DNS platform rose sharply across Europe and the U.S.
This attack was carried out by a botnet coordinated through a large number of IoT-enabled devices (including cameras, residential gateways, and baby monitors) that had been infected with Mirai. Mirai is malware that turns computer systems running Linux into remotely controlled “bots” that can be used as part of a botnet in large-scale network attacks.
Mirai is designed to brute force the security on an IoT device, allowing it to be controlled remotely. The source code of Mirai has been published on hacker forums as open source, which makes investigating the perpetrator more difficult. As stated by Dyn, a significant volume of the traffic in this DDoS attack originated from Mirai-based botnets.
This attack was made possible due to the use of default passwords on the devices. Default passwords for most devices are widely known. Anyone placing such a device on the internet without first changing the default password is, in effect, enabling attacks of the type witnessed in October, even if they are doing so unwittingly.
Many of the home devices involved in this attack were cameras, residential gateways, baby monitors, routers, etc., whose default passwords are rarely changed. Hence, the biggest lesson from this attack is to take care of security features on home devices by:
- Changing the default password to a more secure password.
- Keeping your device updated with the latest OS-enabling security features.
- Installing reliable virus scanners and detectors on all possible devices.
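
Alongside these steps, login logs from the devices or the home gateway can show when something is guessing passwords against them. The following is an added example, not code from Dyn or from the original article: it flags a source address that fails logins under several usernames within a short window. The log format, thresholds, device names and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical log format (documentation IP ranges).
SAMPLE_LOG = """\
2024-01-01T11:10:01Z camera-01 login failed user=root src=203.0.113.7
2024-01-01T11:10:03Z camera-01 login failed user=admin src=203.0.113.7
2024-01-01T11:10:05Z gateway-02 login failed user=support src=203.0.113.7
2024-01-01T11:10:08Z gateway-02 login failed user=root src=203.0.113.7
2024-01-01T11:10:11Z camera-01 login failed user=guest src=203.0.113.7
2024-01-01T11:12:00Z gateway-02 login failed user=admin src=198.51.100.20
2024-01-01T11:12:09Z gateway-02 login failed user=admin src=198.51.100.20
2024-01-01T11:12:20Z gateway-02 login ok user=admin src=198.51.100.20
"""

WINDOW = timedelta(seconds=60)  # look-back period per source (assumed threshold)
MIN_FAILURES = 5                # failed logins within the window
MIN_USERS = 3                   # distinct usernames tried within the window


def parse(line):
    """Split one log line into (timestamp, device, result, user, source)."""
    ts, device, _, result, user, src = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, device, result, user.split("=", 1)[1], src.split("=", 1)[1]


def guessing_sources(log_text):
    """Return {source: [devices]} for sources that look like credential guessers."""
    recent = defaultdict(deque)   # source -> failures still inside the window
    flagged = defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        when, device, result, user, src = parse(line)
        if result != "failed":
            continue
        window = recent[src]
        window.append((when, user, device))
        while when - window[0][0] > WINDOW:   # drop failures older than WINDOW
            window.popleft()
        users = {u for _, u, _ in window}
        if len(window) >= MIN_FAILURES and len(users) >= MIN_USERS:
            flagged[src].update(d for _, _, d in window)
    return {src: sorted(devs) for src, devs in flagged.items()}


if __name__ == "__main__":
    for src, devices in guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: repeated failed logins on {', '.join(devices)}")
```

The owner who mistypes a password twice and then logs in is not flagged, because the rule needs both a failure count and several distinct usernames inside the window.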
In a nutshell, this attack indicates a serious vulnerability in the way the internet functions. One of the biggest challenges for the future is figuring out how to continue getting all the benefits of being active on the internet while still protecting our finances, personal data, and our privacy.