We’ve known this was coming for a while. Security experts have spent the last several years warning us about it. Yet somehow, when the Internet was brought screeching to a halt one Friday in late October of last year, everyone was shocked.
“Experts are saying it’s all because thousands of devices – like DVRs and web-connected cameras – were hacked,” writes CNet’s Laura Hautala. “Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack — often called a distributed denial of service attack, or DDoS — powered by the new web of devices called the internet of things.”
We recently wrote a piece warning that something like this would happen. In spite of all the efforts that have been made to hold manufacturers of ‘smart’ devices accountable, they’re still woefully ignorant of how to secure their products. In spite of all the attempts to establish standards-based security in the world of embedded systems, security in the Internet of Things is still downright abysmal.
The attack that day is simply the first of many – a proof of concept, if you will. Now that criminals are aware of the potential that exists for botnets made up of ‘smart’ devices, there is no doubt in my mind that we’re on the edge of something massive. The most frightening thought here is that the strength of DDoS attacks might increase to the extent that standard mitigation tools are no longer enough to deal with them.
For all intents and purposes, this is a legitimate concern.
“The IoT is the new battleground for security,” Pedro Abreu, chief strategy officer at ForeScout, told CIO Magazine. “It’s where the entry points are that are really making you vulnerable…the dangers of DDoS attacks are real, and can be exploited for something big.”
But maybe what happened in October will serve as a wake up call for device manufacturers. Maybe in light of the devastating DDoS attack, we’ll see improved security across industries and verticals. It’s certainly possible, but I’m not holding my breath.
In my experience, the only way we’ll convince many manufacturers to care about security is by penalizing them if they don’t, and all we can really do in the meantime is steel ourselves against the coming storm. Create policies to limit connectivity for ‘smart’ devices, ensure redundant networking hardware, and double down on DDoS prevention tools. Have any security concerns? Contact us for assistance and solutions.
Click the button and find out how we can help you stay secure.
Let our professionals deal with it!