The weaponizing of the Internet of Things (IoT) is here.
Look no further than last Friday (Oct. 21) when mainstream sites that users both frequent and rely on were rendered useless due to a massive distributed denial-of-service (DDoS) attack on the internet domain directory Dyn.
This historic cyberattack caused a ripple of disruption to websites across all sorts of industries — GitHub, Netflix, Twitter, Walgreens, The New York Times, PayPal, Spotify and many others.
It didn’t take long for thousands of Americans to experience the magnitude of a DDoS attack and the potential damage these malicious events can bring about.
According to TechCrunch, the DDoS attack on Dyn was fueled by a botnet known as Mirai, which utilized hacked DVRs and webcams to launch the series of attacks.
Not only has this impacted a number of companies that are now forced to recall their IoT devices that are vulnerable to hacks, but the rise in massive attacks like what happened to Dyn is significantly influencing the DDoS protection markets as well.
“These attacks are not going away,” Ben Herzberg, security group research manager with cybersecurity company Imperva, told The Washington Post.
The challenge in protecting against the type of attacks that caused the recent internet meltdown is that they can be launched from anywhere around the world, but still, there is no mandated regulation that requires device makers to increase the security of the connected devices they put out into the market, Herzberg noted.
“It would be great if we could say, ‘If you want to produce a device connected to the internet, you must go through basic security checks,’ but we don’t have that right now,” he added.
According to Dyn and cybersecurity researches at Flashpoint, the Mirai malware is able to scan the internet, looking specifically for IoT devices that are safeguarded by default or weak passwords. Once those newly compromised devices are at play, hackers can then use them to seek out other vulnerable devices to build a network that can be used to launch attacks.
These issues have helped the dangerous malware to spread quickly around the world. Earlier this month, an investigation by Herzberg and other Imperva researchers identified Mirai-infected devices in 164 countries.