It has been reported that up to a million organisations around the world have already been infected by a new computer bot network that has the potential to “take down the internet”, researchers warn. According to cybersecurity company Check Point, a new botnet has been spotted, which is enslaving internet-of-things (IoT) devices – mainly internet routers and remote cameras. IT security experts commented below.
Stephanie Weagle, VP at Corero Network Security:
“Despite its advantages, IoT comes with a host of security disadvantages. IoT devices are most often poorly managed, patched and secured; they are prime targets for hacker infiltration and takeover. Aside from the personal privacy and security concerns that result from these security gaps, the bigger danger is that these connected devices can be harnessed by hackers for a variety of nefa rious purposes; DDoS attacks are prominent amongst them.
“In addition, attackers are becoming more creative and using new techniques to wreak havoc with IoT botnets. These botnets can be rented for any duration, size and scale that the attacker pleases – aimed at any target. As we approach the one year anniversary of the massive Mirai botnet aimed at Dyn, security experts are reminded of the significant ripple effect of damage that attack had on the Internet. it’s not surprising at all that another ‘DDoS Armageddon’ is on the horizon.
“The DDoS protection of today requires robust modern DDoS defenses that will provide both instantaneous visibility into DDoS events, real-time mitigation as well as long-term trend analysis to identify adaptations in the DDoS landscape to deliver proactive detection and mitigation techniques.”
Lee Munson, Security Researcher at Comparitech.com:
“The end of the world may not be nigh but the internet appears to be at severe risk of compromise and the biggest facilitators of that prediction of doom are insecure Internet of Things devices.
As information security experts have been warning forever, it seems, a number of internet-connected fridges, kettles and lightbulbs, along with the ever-vulnerable batch of routers and cameras, have all been marked for takeover by a new botnet.
That this should be devastating if it comes to pass is hardly a surprise given how many manufacturers of IoT devices care little for security before selling their shiny new products.
While businesses may have the resources to ensure such devices in the workplace are not contributing to the problem, none of their technical controls will be much good in the face of a marauding army of household gadgets intent of knocking them off the grid with a DDoS attack, the likes of which have not been seen before.
Therefore, it is vital that manufacturers do their part in securing the devices of tomorrow before they are allowed to destroy or severely disrupt the internet world they will be ultimately be joining.”
Mark James, Security Specialist at ESET:
“With the sheer amount of IoT devices, supposedly exceeding £20 billion in 2017, it makes perfect sense that malware writers and indeed digital criminals will utilise as many of those devices as possible to help them plunder theinternet. Unlike normal criminal activity it’s not governed by boundaries- it makes no difference if the compromised device exists in the UK, USA or Australia, it’s all fair game to them.
Alongside food and water, the internet is fast becoming something we cannot exist without. Everywhere we go we want to be connected, to do that effectively we need internet routers ,and as crime increases and funding for manpower decreases, the availability and cost of remote cameras seems the easiest solution to keep an eye on things. These two electronic devices exactly meet the requirements botnets need- the ability to understand remote commands, connect or distribute internet and be able to send information onwards.
As devices get cheaper, it can in some cases go hand in hand with reduced security- on the other hand to offer something that the end user can “plug and play” easily, they have to ship it as user friendly as possible. It’s not always going to the a tech guru installing; as this technology becomes more widely available, the average user needs to be able to order, receive, (pre)setup and forget as quickly as possible to make it desirable for the untechnical user to embrace.
All of these features make the perfect recipe for disaster- one we have seen before, we will see again, and one which, worryingly, we will continue to see until security becomes a minimum standard for any internet connected device.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.