Why the IOT DDOS attack was significant!
Roger Smith
3 x author on securing #nonprofits, #SMEs, Associations and Charities from cyber events using enhance #cybersecurity concepts. Start now, do the self assessment and get your baseline!
The Internet of Things, IOT, based attack that happened last weekend that targeted dyn.com highlights the inherent vulnerabilities in the IOT space. It also highlights how brittle the internet can be.
Like some in the digital security space, we saw the build-up on Thursday / Friday and knew something big was going to happen but without knowledge of the target no one was prepared for the attack when it unfolded.
It is no longer justified or prudent for organisations to release IOT systems that are vulnerable and easily targeted to the market.
IOT is going to and has, in some places, change the world. Last weekend shows that the shiny and new attitude to bringing a product to market, with minimal investment in security, is overshadowed by the brutal impact of what happened.
The technology and innovation that has enabled the proliferation of internet aware systems is still not mature enough to allow for a full suite of security systems and protections to run.
But, Thinking that hardwired default usernames and passwords or using old vulnerable operating systems is a good idea - well that is a different level of stupid.
Any system that is exposed to the internet needs to have some level of protection.
Readily available, automated attack systems used by anyone who considers themselves a "hacker" make a mockery of the anonymity defence.
In today’s business world, if you have 2 or more systems talking to each other - you are a target. If one of them is IOT based then you probably don’t even think you have a problem.
This attack highlights this unforeseen problem.
Security has to be a fundamental requirement for anything that is attached to the digital world.
The largest botnet in the digital world is in the IOT space.
With compromised android devices, gaming consoles and IOT systems, the future is looking pretty bleak if nothing is done shortly.
It is a very steep learning curve, making IOT secure, but we had better learn from this situation as fast a possible.
More of these attacks are on the horizon, are we prepared for them?
I don’t think so.....
It will be interesting to see if the parent company of dyn.com goes after the manufacturers of the venerable systems and seeks compensation.
That will make for an interesting precedent!