Cautions abound about the risks associated with the Internet of Things (IoT) as it relates to our own personal well-being and homes.
But what if unbeknownst to you, your IoT devices are being used to victimize someone else? That’s exactly what security experts are predicting is the next trend in cyber attacks.
Instead of targeting individuals, hackers are taking control of thousands of malware-infected IoT devices to launch distributed denial-of-service (DDoS) attacks. A DDoS attack is when thousands of individual computers/devices team up together as part of a botnet to overload one machine or network. This results in interrupted service, as the attacked machine or resource cannot perform its normal operations.
Some recent examples include:
- A cybersecurity attack targeted Dyn, a New Hampshire-based internet company that provides domain name systems to some of the most-trafficked sites on the internet took down major sites such as Twitter, Amazon and Spotify recently due to a DNS attack through IoT devices.
- Security journalist Brian Krebs was hit with 600 gigabits per second of network traffic as part of a large DDoS attack that brought down his blog. (The code for this botnet has since been published online, making the likelihood of future attacks imminent.)
- A DDoS took gaming company Blizzard’s servers offline, blocking players from accessing Overwatch, Hearthstone and World of Warcraft games.
- The website of a small jeweler was down for days as a result of an IoT botnet.
Why Are IoT Devices Targeted?
Many owners don’t take the time to update factory passwords. In this case, hackers can scan the Internet for connected devices, attempt to login via a list of commonly used default passwords, and once in, install malware to compromise the device. What’s worse is that many homeowners would never even know their system is affected given the attack is not carried out on them personally.
How Can You Protect Yourself?
The underlying factor for most IoT botnets is that they prey on devices that use default or common passwords. Therefore, to start, homeowners should create unique logins and passwords for all devices connected to the Internet.
Beyond that, other best practices include:
- Before purchasing a device, ask about its security features. As consumers start to demand more from their products, manufacturers will be forced to respond.
- Don’t plug it in and forget it. Install firmware updates as they roll out (note: they are often publicized on the manufacturer’s website), and schedule regular maintenance checks to ensure you’re protected.
- Disable unnecessary features. Review the list of default features, and opt out of any that you don’t need (e.g. remote access to your printer).
- Ensure a secure Internet connection. Set your Wi-Fi router to WPA2 (preferred) or WPA, and make sure it too is password protected.
- Use a wired connection versus wireless, if possible.
- As appropriate, have a professional install your device to ensure proper protection from the offset.
How are you protecting your devices? Speak to an expert about safeguarding your home automation system. Contact Vector Security today! We’ve deployed more than four million connected devices, and can help ensure yours are secure.
Image Source: Geralt