How the Internet of Things is putting us at risk – PC World

December 9, 2016

Picture: Tnarik Innael (Flickr).

It’s not new news. IoT devices are vulnerable to attack.

We have all heard the reports about baby monitors being hacked, smart cars being taken over and CCTV systems being compromised. But on Friday, 21st October 2016, an attack on smart ‘things’ made global news and should change the way manufacturers, employers and consumers think about the Internet of Things, and change things fast.

One of the largest and most powerful distributed denial of service (DDoS) attacks in recent history hit DNS provider Dyn and its customers, impacting major services like Twitter, Reddit and Spotify. Globally, the attack might signify the beginning of a new era of internet attacks conducted via “smart” things. Clearly they aren’t as smart as we think if they can be so easily commandeered by random deviants on the internet to impact major services such as these.

So, we know how it happened; what’s next? How do we, as a community of concerned researchers, civil servants and internet users, protect our internet and prevent even greater damage from future attacks?

We predicted IoT device attacks would take off when criminals figured out how to monetise them – much like they have with their very lucrative ransomware scams – or align them to their goals. While we have not yet seen any direct financial gain with this widespread attack, it does show just how powerful vulnerabilities in IoT devices are, when in the wrong hands. Others have conducted DDoS as an extortion technique for years and this could be a very dangerous precedent for future attacks. Until now, IoT devices have been protected by a lack of attacker interest. Clearly, this has changed. With the release of this malware code and its use in these recent attacks, cybercriminals have smelled the blood in the water and the sharks are circling. We hadn’t seen evidence of this yet, but historically, cybercriminals have used DDoS to distract security teams while conducting other attacks with bigger financial motives. It could also have been plain old political hacktivism, cyber vandalism or some other fraud.