According to MarketsandMarkets, the Internet of Things market size is estimated to grow from USD 157.05 billion in 2016 to USD 661.74 billion by 2021, at a compound annual growth rate (CAGR) of 33.3% from 2016 to 2021. All industry verticals are undergoing a huge transformation in a bid to move toward affordable, accessible, and quality services for their customers.
According to news published by Livemint, the Indian IoT market is set to touch $15 billion by 2020, per Nasscom. The Internet of Things sector is set to get a major boost from industrial IoT, which currently accounts for 60%, along with consumer-driven smart home devices and wearables.
All these developments excite us about the growth of technology and innovation. At the same time, IoT cyber security threats take away that excitement and leave us in a confusing and alarming position. Let’s look at one IoT cyber security threat, the DDoS attack, and how it brought down major sites like Twitter, Reddit and PayPal.
The brutal IoT DDoS cyber attack of October 21, 2016, which took place at Dyn (a major provider of DNS services), made many Internet platforms and services unavailable to large swathes of users in Europe and North America.
Some notable points about the attack:
- Dyn was hit by two large and complex DDoS attacks, from approximately 11:10 UTC to 13:20 UTC and then again from 15:50 UTC until 17:00 UTC. The attack targeted its “Managed DNS” infrastructure, causing service interruptions across the internet for people on the East Coast. It had a significant impact on Dyn’s customers and their end users before it was successfully mitigated by Dyn’s Engineering and Operations teams.
- Like a typical DDoS attack, this attack was conducted by directing a huge amount of bogus traffic at Dyn’s targeted servers, bringing down many major company websites like Netflix, Reddit, GitHub, Verizon, PayPal, Twitter, AirBnB, Fox News, the New York Times and the PlayStation network for a few hours. As is typical in a DDoS attack, bandwidth on Dyn’s Managed DNS platform was highly elevated across Europe and the US.
- This attack was carried out by a botnet coordinated through a large number of Internet of Things (IoT) devices, including cameras, residential gateways, and baby monitors, that had been infected with Mirai. Mirai is malware that turns computer systems running Linux into remotely controlled “bots” that can be used as part of a botnet in large-scale network attacks.
- Mirai is designed to brute-force the security on an IoT device, allowing it to be controlled remotely. The source code of Mirai is published in hacker forums as open source, making the investigation of the perpetrator more difficult. As stated by Dyn, a significant volume of traffic in this DDoS attack originated from Mirai-based botnets.
- This attack was made possible by the use of default passwords on the devices. Default passwords for most devices are widely known. Anyone placing such a device on the internet without first changing the default password is, in effect, enabling attacks of the type witnessed on October 21, even if they are doing so unwittingly.
- Many of the home devices involved in this attack were cameras, residential gateways, baby monitors, routers, etc., where default passwords are rarely changed. Hence the biggest lesson from this attack is to take care of security features on home devices by:
  - Changing the default password to a more secure password.
  - Keeping your device updated with the latest OS that enables security features.
  - Installing reliable virus scanners and detectors on all possible devices.
- In a nutshell, this attack indicates a serious vulnerability in the way the internet functions. Hence one of the biggest challenges for the future is how we continue getting all the benefits of being active on the internet while protecting our finances, personal data and privacy.
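
As an added example (not from the original article): because Mirai gets onto devices by repeatedly guessing logins, a device or gateway owner can watch authentication logs for one source failing logins under several usernames within a short window. The log format, field names, thresholds and addresses below are constructed assumptions, not output of any real device.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (documentation IP ranges).
SAMPLE_LOG = """\
2024-01-01T11:10:01Z login failed proto=telnet src=203.0.113.7 user=admin
2024-01-01T11:10:03Z login failed proto=telnet src=203.0.113.7 user=root
2024-01-01T11:10:04Z login failed proto=ssh src=198.51.100.20 user=alice
2024-01-01T11:10:05Z login failed proto=telnet src=203.0.113.7 user=support
2024-01-01T11:10:07Z login failed proto=telnet src=203.0.113.7 user=root
2024-01-01T11:10:09Z login failed proto=telnet src=203.0.113.7 user=user
2024-01-01T11:10:30Z login ok proto=ssh src=198.51.100.20 user=alice
malformed line without fields
2024-01-01T11:12:00Z login failed proto=telnet src=192.0.2.44 user=admin
2024-01-01T11:14:00Z login failed proto=telnet src=192.0.2.44 user=admin
2024-01-01T11:16:00Z login failed proto=telnet src=192.0.2.44 user=admin
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>failed|ok) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) user=(?P<user>\S+)$"
)

def detect_bruteforce(log_text, window_s=60, min_failures=5, min_users=3):
    """Return {source: timestamp of first alert} for sources whose failed
    logins inside a sliding window reach both thresholds.
    Assumes log lines are in chronological order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # source -> (timestamp, username) of recent failures
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "failed":
            continue  # skip malformed lines and successful logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        users = {user for _, user in q}
        if len(q) >= min_failures and len(users) >= min_users:
            alerts.setdefault(m["src"], m["ts"])  # keep only the first alert
    return alerts

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Slow, single-username failures such as those from 192.0.2.44 stay below the thresholds; tune `window_s`, `min_failures` and `min_users` to the device's normal login pattern.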