Hackers have been using household smart devices to attack popular sites such as Twitter, Spotify and Reddit.
For social media addicts like myself, you may be aware that Twitter, Spotify and Reddit were among a list of popular websites that were taken offline on Friday. Security analysts have found that all these sites use a DNS service from the Company Dyn, who fell victim to very large DDoS attack. A DDoS attack (Distributed Denial of Service attack) is where thousands of computers overwhelm a targeted server or network with data, creating so much traffic that it temporarily suspends the internet service.
Analysts at Flashpoint found the attackers used a malware called “Mirai” to form a “botnet”, a group of computers that are infected by malware allowing hackers to gain full remote control. The botnet was then used to send a DDoS attack which temporarily suspended Dyn’s services. Security analyst Brian Krebs explained how the Mirai malware searches the web for IoT (Internet of Things Devices like printers and security cameras), these devices tend to have minimal protection like a factory installed username and password. The attackers then used the devices to flood Dyn’s network with traffic until their services went down.
The attack has alarmed a lot of security analysts as we yet again see how creative hackers can be , but also how vulnerable certain areas of the required fundamental functionality of the world wide web actually is. And with more and more businesses installing smart devices like printers and security cameras, more and more have vulnerabilities on their networks.
Amazon recently released their smart device “Echo” in the UK which uses artificial intelligence and Wifi to be your “personal home assistant”. This means that not only will we see more businesses with smart devices, but homes as well. Something that every business should keep in mind is that adding smart devices onto your network is also adding a new gateway into your network, therefore making your business more vulnerable. There are of course steps you can take that can help with the security of your business when adding smart devices;
- A lot of smart devices come with a ‘Factory default’ password, something that a lot of users never change, ensure you change the ‘Factory default’ password to something a lot more secure.
- Think about whether it is really necessary to add the smart device to your network? Do you really need the device online or are you able to use it offline?
- Don’t advertise what new smart products you have purchased, telling the world that you have purchased a new smart device is also telling the world that there is a new vulnerability or gateway into your network.