Over 1 million Internet of Things (IoT) devices have been compromised in recent months and added to DDoS botnets created with the help of a malware family known as Gafgyt, and also as Lizkebab, BASHLITE, and Torlus. Lane Thames, Software Development Engineer and Security Researcher at Tripwire, commented below.
Lane Thames, Software Development Engineer and Security Researcher at Tripwire:
“As security researchers, we love providing this type of useful information. We view changing default credentials, using encryption, locking down networks with firewalls, etc. as basic security hygiene. However, the bulk of the IoT market consists of non-technical consumers who, at this time, have very little (if any at all) knowledge of how to make these security-conscious changes. This is a ‘technology’ component of security where it is up to the manufacturers to build more secure devices. For example, it is well past time to find a better ‘default credential’ solution. In other words, no one should be shipping devices with default credentials. Device manufacturers should be considering new methods to replace the default credential model. The ‘human’ component of security must also be addressed in the long run. We will never have a society where everyone is a cybersecurity specialist. However, our current educational ecosystem is failing us on the cybersecurity front. As a society, we must start integrating the basics of cybersecurity knowledge within our education systems. Even if we could solve the technology component of cybersecurity, our efforts would be in vain without addressing the human component as well.”