Subscribe to our Newsletter | To Post On IoT Central, Click here


cybersecurity (5)

The phrase, “the future is here,” is overused and has evolved into a catchphrase for companies struggling to position themselves in times of technological or digital transformations. Still, the sentiment is understood, especially in times like today, where the Internet of Things is quite literally changing the way we think about hardware and software. We’d like to offer an addendum to the phrase: “The future is here more quickly than we thought it would be.”

Digital transformation, increased computing ability, smart hardware and the growth of connectivity capabilities created a perfect storm of accelerated industry, and many were left scrambling to sift through the large amounts of information and solutions available. With that in mind, we wanted to provide some advice for companies across the industrial sector for the best ways to optimize operations for the Industrial IoT.

1) Upgrade your network and throughput capabilities.

Nothing can kill the ROI of automated processes more quickly than the literal inability to function. It’s important to understand that as you upgrade machinery and invest in the software to run it all, those systems demand greater bandwidth in order to effectively utilize the big data and analytics capabilities. Several options exist, but for most companies some combination of industrial-strength broadband (WiFi), narrow-band, cellular and RF communications will create the most effective network for the needs.

2) Invest in smart hardware.

This may seem like a no-brainer, and really, in the not-too-distant future, you may not even have a choice, but the shift toward Fog Computing is gaining momentum and being able to run decentralized computing between hardware and the Cloud can not only create greater operational efficiency, but it can also allow your data transmission to run more smoothly as well. The beauty of a Fog Computing system is that it allows a greater number of devices to transmit smaller data packets, which frees up bandwidth and speeds real-time data analytics. The core of this lies in the smart hardware.

3) Be proactive about application development.

Smart hardware means that it has the ability to host applications designed specifically for your needs. Previously, many companies shied away from app development because it required highly skilled developers and devices capable of hosting those apps – a combination that wasn’t readily available. Today, the scene has changed. With the rise of Node-RED, it is much easier today to create proprietary applications without a computer engineering degree, and any company serious about leveraging IIoT technology needs to be able to to use the full scope of its data.

4) Secure your communications.

There isn’t much more to be said about the importance of cybersecurity. If the last few years of massive data breaches haven’t rung alarm bells, then you aren’t paying attention. Cybersecurity today is a multi-layered need. Most companies building smart hardware are beginning to build encryption directly into the devices. But, since many companies use Cloud applications for computing and analytics, it is important to invest in strong security measures at that level as well. Unfortunately, the sophistication of cyber-attacks are only going to increase, along with the increase in importance of the data needing to be protected. It pays to be paranoid and act accordingly.

Further Reading:

Read more…

Cybersecurity in Digital age

You must have heard about the global cyberattack of WannaCry ransomware in over 200 countries. It encrypted all the files on the machine and asked for payment. Ransomware, which demands payment after launching a cyber-attack, has become a rising trend among hackers looking for a quick payout.
Every day it seems another news breaks about cyber-criminals hacking in and stealing data, & information. Private companies, government agencies, hospitals…no one is immune. Cybersecurity is no longer buried in the tech section of organizations, newspapers and websites - its front-page news.
With the penetration of the digital movement, cyber-attacks have also doubled year over year, making businesses and government sites more vulnerable.
In simple terms cybersecurity is use of digital technologies to protect company networks, computers and programs from unauthorized access and subsequent damage.
In recent times, every organization has launched a “go-digital” initiative. This has led to explosion of connected environments.
The growing mobility trend has sparked a rapid growth of endpoints that must be secured, and bring-your-own-device (BYOD) programs mean that employees could be accessing sensitive data on unsecured devices.
The prevalence of cloud based services and third party data storing has opened up new areas of risk.
As businesses adopt the new technologies like Big Data, Analytics, IoT & Mobility, the focus must be on how to safeguard the data spread across devices and cloud.
Cybersecurity must be a key factor during your journey to digitally transforming your business, just as you would ensure that your offices, brick-and-mortar store has locks and security systems of the highest quality, your digital storefront must have the same levels of security. If consumers do not trust these digital storefront with their data, or if that trust is broken because of a data breach, the cost to rebuild that trust is incredibly high.
The best way to protect yourself is to be suspicious of unsolicited emails and always type out web addresses yourself rather than clicking on links.
There are different types of attacks we have seen so far:
·        Hackers target the software vulnerabilities that are yet to be discovered  and patched
·        Attack on mobile devices: malwares designed specifically for smartphones to steal data
·        Data leakage: hackers steal the data by interrupting the traffic between organization and cloud environments
·        Programming: hackers use malicious code on any server that gets replicated and allow them to delete, steal data
There are multiple ways to combat these cyber-attacks:
·        Network defense: detect unwarranted traffic e.g. someone communicating with malicious host, malware entry into the network, unauthorized data transfer
·        Detect user access violations: misuse of user access within the system, ensure proper authentications, use of antivirus, malware to prevent steal user information
·        Mobile device protection: detect unauthorized devices or prevent hackers from compromising individual devices.
·        Protect data in motion & rest: ensure data transfers protected within various environments
·        Investment in securing IoT devices – today with everything is connected it is extremely important to secure all access points.
Today with machine learning organizations are in a very good position to know what users are doing that can affect the network and increase risk. Artificial Intelligence is used to constantly learn new malware behaviors and recognize how viruses may mutate to try and get around security systems.
Traditional IT security practices like network monitoring and segmentation will become even more critical as businesses and governments deploy IoT devices.

Recent events have highlighted the growing need for enhanced cybersecurity.

Read more…

Do not stop asking for security in IoT

Almost three years ago, I wrote in my IoT blog  the posts “Are you prepared to answer M2M/IoT security questions of your customers ?. and “There is no consensus how best to implement security in IoT” given the importance that Security has to fulfil the promise of the Internet of Things (IoT).

And during this time I have been sharing my opinion about the key role of IoT Security with other international experts in articles “What is the danger of taking M2M communications to the Internet of Things?, and events (Cycon , IoT Global Innovation Forum 2016).

The Security has been always a tradeoff between cost and benefit

I am honest when I say that I do not known how McKinsey gets calculate the total impact that IoT will have on the world economy in 2025, even on one of the specific sectors, and if they had taking into account the challenge of the Security, but it hardly matters: “The opportunities generated by IoT far outweigh the risks”.

With increased IoT opportunity comes increased security risks and a flourishing IoT Security Market (According with Zion Research the IoT Security Market will growth to USD 464 million in 2020).

A decade of breaches and the biggest attack target yet is looming

We all know the negative impact that news about cyber-attacks has in the society and enterprises. In less than a decade and according to Data Source: ICS- CERT (US) have gone from 39 incidents in 2010 to 295 incidents in 2015.

In a survey published by ATT, the company has logged a 458% increase in vulnerability scans of IoT devices in the last 2 years.

It is a temptation for hackers to test their skills in connected objects, whether connected cars or smart homes appliances. But I'm afraid they will go far beyond attacking smart factories, or smart transportation infrastructure or smart grids.

With the millions of unprotected devices out there, the multitude of IoT networks, IoT Platforms, and developers with lack of security I am one more that believes the biggest attack target yet is looming.

 New Threats

With the Internet of Things, we should be prepared for new attacks and we must design new essential defences.

The complex IoT Security Threat Map from Beecham Research provides an overlayed summary of the full set of threat and vulnerability analyses that is used to help clients shape their strategies. This Threat Map “summary” many of the top 5 features from each of those analyses.

1.       external threats and the top internal vulnerabilities of IoT applications

2.       the needs for robust authentication & authorisation & confidentiality

3.       the features and interactions between multiple networks used together in IoT;

4.       the complexities of combining Service Sector optimised capabilities of differing Service Enablement Platforms;

5.       the implementation and defences of edge device operating systems, chip integration and the associated Root of Trust.

 New Vulnerabilities

The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.

The project looks to define a structure for various IoT sub-projects such as Attack Surface Areas, Testing Guides and Top Vulnerabilities. Bellow the top IoT Vulnerabilities.

 Subex white paper presenting their IoT solution add some real examples of  these vulnerabilities.

Insecure Web Interface: To exploit this vulnerability, attacker uses weak credentials or captures plain text credentials to access web interface. The impact results in data loss, denial of service and can lead to complete device take over. An insecure web interface was exploited by hackers to compromise Asus routers in 2014 that were shipped with default admin user name and password.

Insufficient Authentication/Authorization: Exploitation of this vulnerability involves attacker brute forcing weak passwords or poorly protected credentials to access a particular interface. The impact from this kind of attack is usually denial of service and can also lead to compromise of device. This vulnerability was exploited by ethical hackers to access head unit of Jeep Cherokee2 via WiFi-connectivity. The WiFi password for Jeep Cherokee unit is generated automatically based upon the time when car and head unit is started up. By guessing the time and using brute force techniques, the hackers were able to gain access to head unit.

Insecure Network Services: Attacker uses vulnerable network services to attack the device itself or bounce attacks off the device. Attackers can then use the compromised devices to facilitate attacks on other devices. This vulnerability was exploited by hackers that used 900 CCTV cameras3 globally to DoS attack a cloud platform service.

Lack of Transport Encryption: A lack of transport encryption allows 3rd parties to view data transmitted over the network. The impact of this kind of attack can lead to compromise of device or user accounts depending upon the data exposed. This weakness was exhibited by Toy Talk’s server domain which was susceptible to POODLE attack. Toy Talk helps Hello Barbie doll4 to talk to a child by uploading the words of a child to server and provide appropriate response after processing it. Though there was no reported hack on this, such a vulnerability could easily lead to one.

Privacy Concerns: Hackers use different vectors to view and/or collect personal data which is not properly protected. The impact of this attack is collection of personal user data. This vulnerability was exemplified by the VTech hack5 wherein in hackers were able to steal personal data of parents as well as children using VTech’s tablet.

Who owns the problem?

With the IoT we are creating a very complicated supply chain with lots of stakeholders so it's not always clear 'who owns the problem'. By way of an example with a simple home application and not Super Installers around; if you buy a central heating system and controller which requires you to push a button to increase the temperature then if it stops working you contact the company who supplied it. But if you buy a central heating boiler from one company, a wireless temperature controller from another, download a mobile App from another and have a weather station from another supplier then whose job is it to make sure it's secure and reliable? The simple cop-out is to say 'the homeowner bought the bits and connected them together therefore it's their responsibility' – well I'm sorry but that isn't good enough! 

Manufacturers can't simply divest themselves of responsibility simply because the home owner bought several component parts from different retailers. As a manufacturer you have a responsibility to ensure that your product is secure and reliable when used in any of the possible scenarios and use cases which means that manufacturers need to work together to ensure interoperability – we all own the problem!

This might come as a shock to some companies/industries but at some level even competitors have to work together to agree and implement architectures and connectivity that is secure and reliable. Standardization is a good example of this, if you look at the companies actively working together in ISO, ETSI, Bluetooth SIG etc. then they are often fierce competitors but they all recognize the need to work together to define common, secure and reliable platforms around which they can build interoperable products.  

If Cybersecurity is already top of mind for many organizations, is justified the alarm of lack of security in IoT?

In this three last years of evangelization of IoT, it has been no event or article not collect questions or comments on IoT Security and Privacy.

The good news is that according with the ATT State of IoT Security survey 2015, 85% of global organizations are considering exploring or implementing an IoT strategy but the bad news is that only 10% are fully confident that their connected devices are secure.

Source: ATT State of IoT Security survey 2015

And if we consider the report of Auth0, it scares me that only 10% of developers believe that most IoT devices on the market right now have the necessary security in place.

 

Source: Auth0

In a publication from EY titled “Cybersecurity and the IoT”, the company define three Stages to classify the current status of organizations in the implementation of IoT Security.

Stage 1: Activate

Organizations need to have a solid foundation of cybersecurity. This comprises a comprehensive set of information security measures, which will provide basic (but not good) defense against cyber-attacks. At this stage, organizations establish their fundamentals — i.e., they “activate” their cybersecurity.

Stage 2: Adapt

Organizations change — whether for survival or for growth. Threats also change. Therefore, the foundation of information security measures must adapt to keep pace and match the changing business requirements and dynamics otherwise they will become less and less effective over time. At this stage, organizations work to keep their cybersecurity up-to-date; i.e., they “adapt” to changing requirements.

Stage 3: Anticipate

Organizations need to develop tactics to detect and detract potential cyber-attacks. They must know exactly what they need to protect their most valuable assets, and rehearse appropriate responses to likely attack/incident scenarios: this requires a mature cyber threat intelligence capability, a robust risk assessment methodology, an experienced incident response mechanism and an informed organization. At this stage, organizations are more confident about their ability to handle more predictable threats and unexpected attacks; i.e., they anticipate cyber-attacks.

 

What enterprises needs to do

If you are thinking only in the benefits of IoT without consider the Security as a key component in your strategy you will probably regret very soon. Here below some recommendations either before start your IoT journey or if you are already started. Hope is not too late for wise advices.

Key Takeaways

With the proliferation and variety of IoT Devices, IoT Networks, IoT Platforms, Clouds, and applications, during the next few years we will see new vulnerabilities and a variety of new attacks. The progress in the security technologies and processes that prevent them will be key for the adoption of IoT in enterprises and consumers.

In the future Internet of Things world an end to end security approach to protect physical and digital assets. The ecosystems of this fragmented market must understand the need of Security by Design and avoid the temptation to reduce cost at the expense of the security.

Do not stop asking for security when you buy a connected product or use an IoT Service, the temptation of time to market, competitive prices and the lack of resources must not be an excuse to offer secure IoT solutions to enterprises, consumers and citizens.

 

Thanks in advance for your Likes and Shares

Thoughts ? Comments ?

Read more…

As if the Internet of Things (IoT) was not complicated enough, the Marketing team at Cisco introduced its Fog Computing vision in January 2014, also known as Edge Computing  for other more purist vendors.

Given Cisco´s frantic activity in their Internet of Everything (IoE) marketing campaigns, it is not surprising that many bloggers have abused of shocking headlines around this subject taking advantage of the Hype of the IoT.

I hope this post help you better understand what is  the role of Fog Computing  in the IoT Reference Model and how companies are using IoT Intelligent gateways in the Fog to connect the "Things" to the Cloud through some applications areas and examples of Fog Computing.

The problem with the cloud

As the Internet of Things proliferates, businesses face a growing need to analyze data from sources at the edge of a network, whether mobile phones, gateways, or IoT sensors. Cloud computing has a disadvantage: It can’t process data quickly enough for modern business applications.

The IoT owes its explosive growth to the connection of physical things and operation technologies (OT) to analytics and machine learning applications, which can help glean insights from device-generated data and enable devices to make “smart” decisions without human intervention. Currently, such resources are mostly being provided by cloud service providers, where the computation and storage capacity exists.

However, despite its power, the cloud model is not applicable to environments where operations are time-critical or internet connectivity is poor. This is especially true in scenarios such as telemedicine and patient care, where milliseconds can have fatal consequences. The same can be said about vehicle to vehicle communications, where the prevention of collisions and accidents can’t afford the latency caused by the roundtrip to the cloud server.

“The cloud paradigm is like having your brain command your limbs from miles away — it won’t help you where you need quick reflexes.”

Moreover, having every device connected to the cloud and sending raw data over the internet can have privacy, security and legal implications, especially when dealing with sensitive data that is subject to separate regulations in different countries.

IoT nodes are closer to the action, but for the moment, they do not have the computing and storage resources to perform analytics and machine learning tasks. Cloud servers, on the other hand, have the horsepower, but are too far away to process data and respond in time.

The fog layer is the perfect junction where there are enough compute, storage and networking resources to mimic cloud capabilities at the edge and support the local ingestion of data and the quick turnaround of results.

The variety of IoT systems and the need for flexible solutions that respond to real-time events quickly make Fog Computing a compelling option.

The Fog Computing, Oh my good another layer in IoT!

A study by IDC estimates that by 2020, 10 percent of the world’s data will be produced by edge devices. This will further drive the need for more efficient fog computing solutions that provide low latency and holistic intelligence simultaneously.

“Computing at the edge of the network is, of course, not new -- we've been doing it for years to solve the same issue with other kinds of computing.”

The Fog Computing or Edge Computing  is a paradigm championed by some of the biggest IoT technology players, including Cisco, IBM, and Dell and represents a shift in architecture in which intelligence is pushed from the cloud to the edge, localizing certain kinds of analysis and decision-making.

Fog Computing enables quicker response times, unencumbered by network latency, as well as reduced traffic, selectively relaying the appropriate data to the cloud.

The concept of Fog Computing attempts to transcend some of these physical limitations. With Fog Computing processing happens on nodes physically closer to where the data is originally collected instead of sending vast amounts of IoT data to the cloud.

Photo Source: http://electronicdesign.com/site-files/electronicdesign.com/files/uploads/2014/06/113191_fig4sm-cisco-fog-computing.jpg

The OpenFog Consortium

The OpenFog Consortium, was founded on the premise based on open architectures and standards that are essential for the success of a ubiquitous Fog Computing ecosystem.

The collaboration among tech giants such as ARM, Cisco, Dell, GE, Intel, Microsoft and Schneider Electric defining an Open, Interoperable Fog Computing Architecture is without any doubt good news for a vibrant supplier ecosystem.

The OpenFog Reference Architecture is an architectural evolution from traditional closed systems and the burgeoning cloud-only models to an approach that emphasizes computation nearest the edge of the network when dictated by business concerns or critical application the functional requirements of the system.

The OpenFog Reference Architecture consists of putting micro data centers or even small, purpose-built high-performance data analytics machines in remote offices and locations in order to gain real-time insights from the data collected, or to promote data thinning at the edge, by dramatically reducing the amount of data that needs to be transmitted to a central data center. Without having to move unnecessary data to a central data center, analytics at the edge can simplify and drastically speed analysis while also cutting costs.

Benefits of Fog Computing

  • ·         Frees up network capacity - Fog computing uses much less bandwidth, which means it doesn't cause bottlenecks and other similar occupancies. Less data movement on the network frees up network capacity, which then can be used for other things.
  • ·         It is truly real-time - Fog computing has much higher expedience than any other cloud computing architecture we know today. Since all data analysis are being done at the spot it represents a true real time concept, which means it is a perfect match for the needs of Internet of Things concept.
  • ·         Boosts data security - Collected data is more secure when it doesn't travel. Also makes data storing much simpler, because it stays in its country of origin. Sending data abroad might violate certain laws.
  • ·         Analytics is done locally- Fog computing concept enables developers to access most important IoT data from other locations, but it still keeps piles of less important information in local storages;
  • ·         Some companies don't like their data being out of their premises- with Fog Computing lots of data is stored on the devices themselves (which are often located outside of company offices), this is perceived as a risk by part of developers' community.
  • ·         Whole system sounds a little bit confusing- Concept that includes huge number of devices that store, analyze and send their own data, located all around the world sounds utterly confusing.

Disadvantages of Fog Computing

Read more: http://bigdata.sys-con.com/node/3809885

Examples of Fog Computing

The applications of fog computing are many, and it is powering crucial parts of IoT ecosystems, especially in industrial environments. See below some use cases and examples.

  • Thanks to the power of fog computing, New York-based renewable energy company Envision has been able to obtain a 15 percent productivity improvement from the vast network of wind turbines it operates. The company is processing as much as 20 terabytes of data at a time, generated by 3 million sensors installed on the 20,000 turbines it manages. Moving computation to the edge has enabled Envision to cut down data analysis time from 10 minutes to mere seconds, providing them with actionable insights and significant business benefits.
  • Plat One is another firm using fog computing to improve data processing for the more than 1 million sensors it manages. The company uses the Cisco-ParStream platform to publish real-time sensor measurements for hundreds of thousands of devices, including smart lighting and parking, port and transportation management and a network of 50,000 coffee machines.
  • In Palo Alto, California, a $3 million project will enable traffic lights to integrate with connected vehicles, hopefully creating a future in which people won’t be waiting in their cars at empty intersections for no reason.
  • In transportation, it’s helping semi-autonomous cars assist drivers in avoiding distraction and veering off the road by providing real-time analytics and decisions on driving patterns.
  • It also can help reduce the transfer of gigantic volumes of audio and video recordings generated by police dashboard and video cameras. Cameras equipped with edge computing capabilities could analyze video feeds in real time and only send relevant data to the cloud when necessary.

See more at: Why Edge Computing Is Here to Stay: Five Use Cases By Patrick McGarry  

What is the future of fog computing?

The current trend shows that fog computing will continue to grow in usage and importance as the Internet of Things expands and conquers new grounds. With inexpensive, low-power processing and storage becoming more available, we can expect computation to move even closer to the edge and become ingrained in the same devices that are generating the data, creating even greater possibilities for inter-device intelligence and interactions. Sensors that only log data might one day become a thing of the past.

Janakiram MSV  wondered if Fog Computing  will be the Next Big Thing In Internet of Things? . It seems obvious that while cloud is a perfect match for the Internet of Things, we have other scenarios and IoT solutions that demand low-latency ingestion and immediate processing of data where Fog Computing is the answer.

Does the fog eliminate the cloud?

Fog computing improves efficiency and reduces the amount of data that needs to be sent to the cloud for processing. But it’s here to complement the cloud, not replace it.

The cloud will continue to have a pertinent role in the IoT cycle. In fact, with fog computing shouldering the burden of short-term analytics at the edge, cloud resources will be freed to take on the heavier tasks, especially where the analysis of historical data and large datasets is concerned. Insights obtained by the cloud can help update and tweak policies and functionality at the fog layer.

And there are still many cases where the centralized, highly efficient computing infrastructure of the cloud will outperform decentralized systems in performance, scalability and costs. This includes environments where data needs to be analyzed from largely dispersed sources.

“It is the combination of fog and cloud computing that will accelerate the adoption of IoT, especially for the enterprise.”

In essence, Fog Computing allows for big data to be processed locally, or at least in closer proximity to the systems that rely on it. Newer machines could incorporate more powerful microprocessors, and interact more fluidly with other machines on the edge of the network. While fog isn’t a replacement for cloud architecture, it is a necessary step forward that will facilitate the advancement of IoT, as more industries and businesses adopt emerging technologies.

'The Cloud' is not Over

Fog computing is far from a panacea. One of the immediate costs associated with this method pertains to equipping end devices with the necessary hardware to perform calculations remotely and independent of centralized data centers. Some vendors, however, are in the process of perfecting technologies for that purpose. The tradeoff is that by investing in such solutions immediately, organizations will avoid frequently updating their infrastructure and networks to deal with ever increasing data amounts as the IoT expands.

There are certain data types and use cases that actually benefit from centralized models. Data that carries the utmost security concerns, for example, will require the secure advantages of a centralized approach or one that continues to rely solely on physical infrastructure.

Though the benefits of Fog Computing are undeniable, the Cloud has a secure future in IoT for most companies with less time-sensitive computing needs and for analysing all the data gathered by IoT sensors.

 

Thanks in advance for your Likes and Shares

Thoughts ? Comments ?

Read more…

EDITOR'S NOTE: This story originally appeared on the A10 Networks blog.

A pair of distributed denial-of-service (DDoS) attacks against high-profile targets last week rank among the largest DDoS attacks on record. And a common thread has emerged: these attacks are leveraging botnets comprising hundreds of thousands of unsecured Internet of Things (IoT) devices.

OVH attack reaches 1 Tbps

European Web hosting company OVH confirmed last week that it suffered a string of DDoS attacks that neared the 1 Tbps mark. On Twitter, OVH CTO Octave Klaba said the attacks OVH suffered were “close to 1 Tbps” and noted that the flood of traffic was fueled by a botnet made up of nearly 150,000 digital video recorders and IP cameras capable of sending 1.5 Tbps in DDoS traffic. Klaba said OVH servers were hit by multiple simultaneous attacks exceeding 100 Gbps each, totaling more than 1 Tbps. The most severe single attacks that was documented by OVH reached 93 million packets-per-second (mpps) and 799 Gbps.

SC Magazine UK quoted security researcher Mustafa Al-Bassam as saying the DDoS attack against OVH is “the largest DDoS attack ever recorded.”

Krebs gets slammed

The OVH attack came on the heels of another gargantuan DDoS incident, this one targeting respected cybersecurity blog Krebsonsecurity.com, which knocked the site offline for several hours.

“The outage came in the wake of a historically large distributed denial-of-service (DDoS) attack which hurled so much junk traffic at Krebsonsecurity.com that my DDoS protection provider Akamai chose to unmoor my site from its protective harbor,” Brian Krebs wrote, adding that he has since implemented DDoS protection from Google’s Project Shield.

The attack on Krebs clocked in at a massive 620 Gbps in size, which is several orders of magnitude more traffic than is typically necessary to knock most websites offline.

SecurityWeek reported that Krebs believes the botnet used to target his blog mostly consists of IoT devices — perhaps millions of them — such as webcams and routers that have default or weak credentials.

“There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called ‘Internet of Things,’ (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords,” Krebs wrote.

Reports indicate that the attack was in response to Krebs reporting on and exposing vDOS, a service run by two Israelis who were offering a DDoS-as-a-Service play and were arrested after Krebs’ story was published.

IoT insecurity

Security researchers have warned that improperly secured IoT devices are more frequently being used to launch DDoS attacks. Symantec last week noted that hackers can easily hijack unsecured IoT devices due to lack of basic security controls and add them to a botnet, which they then use to launch a DDoS attack.

“Poor security on many IoT devices makes them soft targets and often victims may not even know they have been infected,” Symantec wrote. “Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords.”

And while DDoS attacks remain the main purpose of IoT malware, Symantec warned that the proliferation of devices and their increased processing power may create new ways for threat actors to leverage IoT, such as cryptocurrency mining, information stealing and network reconnaissance.

 

Read more…

Upcoming IoT Events

More IoT News

IoT Career Opportunities