Last week’s massive DDoS’ denial of service attack took down a good portion of the Internet, using webcams and DVRs. To put it mildly, it made a mess on the Internet. Major sites like Spotify and Twitter and PayPal were ground to a halt. Reddit, AirBnB, Etsy and the New York Times were paralyzed. They are estimating that six thousand websites were overwhelmed in a cyber-attack launched with a sea of webcams and DVRs quietly taken over and weaponized for attack. Yes, this is new… but more important it shows how vulnerable the internet has become with IoT devices being so vulnerable.
In the aftermath of this massive DDoS attack on DNS, Kelly Jackson Higgins Executive Editor at DarkReading.com worked diligently to provide our IT community with a thorough and insightful report. Her article “Root’ & The New Age Of IoT-Based DDoS Attacks was published on 10/24/2016.
You can read the article in its entirety here.
The Securolytics team of experts was happy to be interviewed for this piece. Many of us believe that this is just the beginning for this type of IoT cyber attack. The floodgates are open!
Inside the Mirai Botnet’s Formation
The cyber attacks that took out Dyn, the DNS service that provides the backbone of many major sites, were powered in part by a botnet of hacked webcams and DVRs known as Mirai. In the Dark Reading article, Vikas Singla, Securolytics co-founder and chief operating officer is quoted. “We discovered that two basic factors contributed to the Mirai botnet’s formation. First off, we found that some IoT devices, including webcams, routers, and DVRs, literally broadcast their model numbers and software version information when you connect to them online. “IoT devices tell you what they are … servers don’t do that,” notes Singla. Also, the experts at Securolytics found that IoT devices used in the Mirai botnet used just one popular IoT default credential: “root.”
Contact us to learn more
Securolytics is stealth IT Security startup in the forefront of proactively protecting IoT devices from cyber attacks with its www.zerotosecure.io. It is cloud-based threat detection and analytics platform purpose-built to address gaps in perimeter-based defenses by identifying the symptoms of a data breach, malware infection and criminal activity through anomaly detection and behavioral analysis.