“The hackers, whose identity is still unknown at this point, used not one, but two networks—commonly referred to as “botnets” in hacking lingo—made of around 980,000 and 500,000 hacked devices, mostly internet-connected cameras, according to Level 3 Communications, one of the world’s largest internet backbone providers. The attackers used all those cameras and other unsecured online devices to connect to the journalists’ website, pummeling the site with requests in an attempt to make it collapse. “ – Motherboard
I have already mentioned that in a coordinated attack mobile devices can easily become a weapon for DDoS attacks. Now we have just seen that it can happen with webcams.
Botnet of Things, what a “beautiful” picture. On the ITBN Conference last week, Edwin van Andel aka @Yafsec quoted his hacker colleagues in his speech: “the S stands for security in IoT”, that basically tells it all.
I remember the site with open access to thousands of internet webcams has been staying online for months. Owners have not changed the passwords of their cams or took the devices offline even AFTER they got published.
Even though OTA (Online Trust Alliance) long ago published its trust framework of the security best practices and guidelines for IoT devices I still see very little improvement in the area.
But I’m afraid the main drive will remain to be the negligence of users since it is them who do not put strict security requirements on the top of their feature priorities.
Cisco’s Cyber Security Expert György Ács mentioned at ITBN that our smart devices (fridges, TVs, thermostats) can and probably will become a target of attacks, be it ransomware or any other kind of malicious code. Imagine the attacks of the zombie fridges that takes down the network of a company, let alone the zombie chickens from the fridge.