Unless you have been living under the proverbial rock, you probably heard about a number of Internet of Things (IoT) attacks this fall, beginning with KrebsOnSecurity, then OVH, then the DDoS attack on Dyn DNS. All of this started with a bot called Mirai, and involved IoT devices. Why is this important? By 2020, it is estimated that the number of connected devices is expected to grow exponentially to 50 billion. A survey by HP indicates that about 70% of these devices have vulnerabilities, making them the perfect targets for botnets like Mirai.
Below is a collection of 10 blogs written by industry experts on this topic, that will help you fully understand the implications of this botnet and what it means for the future of connected devices.
- Internet of Things or Internet of Threats? IoT is the ability for devices to be connected the Internet and communicate with other devices – think a thermostat knowing automatically when to heat your home without you having to take an action. While these smart devices may seem like a brilliant idea that can save you time and money, there are also risks associated with them. This blog will walk you through the two-part dilemma that is faced when it comes to using these devices and provide a background of the IoT.
- Nine Questions to Ask to Determine IoT Device Safety: If you’re familiar with the IoT, then you’re aware of some of the risks that come with connected devices. From January 5-8, consumers and reporters alike will be flooding Las Vegas, Nevada for the Consumer Electronics Show to learn more about new devices making their debut in 2017. This blog by APAC Security Evangelist David Hobbs will provide nine questions you should ask the manufacturers (regardless of whether you are a consumer or reporter) about the safety of these devices.
- IoT Botnets the Fault of Manufacturers, 69 Percent of Consumers Report in Radware Survey: So you own a connected device, but it was attacked and used to launch a DDoS attack. Who is at fault? According to a survey conducted by Harris on behalf of Radware, 69% of consumers would blame the manufacturer. This blog provides additional results of that survey.
- BusyBox Botnet Mirai – the warning we’ve all been waiting for? Radware’s EMEA Security Evangelist, Pascal Geenens, takes us back to where it began – the attack on KrebsOnSecurity. As he states, “The most concerning fact, and the genius of Mirai, resides in its simplicity for victimizing IoT devices.” This blog will outline how the Mirai botnet works.
- The deplorable state of IoT security: Following the public release of Mirai, the security community began to grow extremely concerned about the potential for additional attacks of that nature. In his second blog, Pascal discusses how the state of IoT security presents a prime opportunity for more attacks.
- How Friday’s Massive DDoS Attack on the U.S. Happened: DNS servers are a like a roadmap to the internet and help users find the websites they are looking for. When an attacker ties up all of the DNS’s resources, legitimate clients are unable to resolve their request. Radware’s ERT Researcher, Daniel Smith, outlines how the attack on Dyn DNS happened in this blog.
- Let’s discuss facts: An insight into Mirai’s source-code: After three major cyber-attacks, speculation abounded on who the attackers were, what their motivation was, the exact attack vectors and the traffic volumes. In this blog post, Radware’s Snir Ben Shimol discusses what we know to be the facts about these attacks.
- Rise of the Machines: How IoT broke the Internet, and the day after tomorrow: In a guest post by Zeina Zakhour, Global CTO of Cyber Security for Atos, she discusses the repercussions of these attacks and what consumers can do to try to prevent similar attacks from occurring again.
- Is Heat Your Thermostat’s First Priority? Remember that smart thermostat that we mentioned? A hacker performed a DDoS attack on a heating distribution system that controlled the heating of two large apartment blocks in Finland back in November, shutting off heat for 20,000 residents. In the Dyn DNS attack, it was discovered that a handful of connected devices, mainly IP cameras, DVRs and routers, were the ones infected by Mirai and used in the attack. In this blog, Pascal discusses how that relates to your smart devices, like thermostats, and whether you should be concerned.
- Cyber Security Predictions: Looking Back at 2016, Peering Ahead to 2017: What do we see on the docket for 2017? We correctly predicted in the 2015–2016 Global Application and Network Security Report that we would see the rise of the Internet of Things, which spawned the largest DDoS attack in history. Radware’s Vice President of Security Solutions, Carl Herberger, discusses our predictions for 2017 in this blog post.
The conversation is still going on the record-breaking volume of the Mirai botnet attack, and doesn’t show signs of slowing. Many security executives have been warning about IoT threats such as this for years, and now the world is finally paying attention.