A major distributed denial of service (DDoS) attack on Friday knocked out access to major websites including Netflix, Reddit, Spotify and Airbnb. As security experts have concluded, the attack was apparently carried out when bad actor(s) leveraged internet-connected devices including security cameras to overwhelm DNS company Dyn’s infrastructure.
Dyn translates web addresses into the IP information needed to connect a user with a site. The DDoS attack, which remotely uses internet-connected devices to send such a large amount of traffic to a particularly site that it crashes, harnessed IoT devices to carry out the attack.
IoT security issues have been regularly raised by experts, and slow enterprise adoption. The causality is simple: the more devices connected to the internet, the more possible points of security incursion.
Glenn Fleischman, senior contributor to MacWorld, wrote: “These devices can be hijacked, and that’s been happening lately on an alarmingly broad basis. Tens of millions to hundreds of millions of IoT devices have had malware installed that allows them to be remotely triggered as part of a ‘botnet’ used in a DDoS. A large portion of those are apparently DVRs and home and business security cameras.”
As a solution, he suggests industry-wide certification around IoT security, as well as a defined period of time in which OEMs or device sellers provide security updates.
Here’s an overview of what major IoT companies like Cisco, IBM, Nokia and others are doing to provide scalable, secure internet of things functionality to businesses.