Cyber security is an essential part in everybody’s life. Every individual has at least some form of security being applied to their life from the devices we are using to the applications we have downloaded and many more. For instance, the smartphone we are using requires passcode, even these is regarded as form of security. Cyber security is also interlinked with themes such as IOT, Cloud Computing, AI, Big Data, Fintech, etc. Internet of ThingsAny device that is connected to the internet is Internet of things.
Some examples of IOT devices are the amazon echo we use at home and the apple watch that we wear, etc. By 2020, Gartner predicted there will be more than 20 billion devices in the world. Thus, the increase in the number of IOT devices, naturally makes it appealing for cyber criminals to initiate an attack.One such incident that occurred was in 2016.
IOT devices were the cause for the biggest DDOS attack that ever happened. The attack was initiated on the French hosting company OVH, which was peaked at 1 Tbps. The main driving factor for this attack was Mirai botnet.In summary, Mirai botnet is a malware that targets and infects IOT devices, which later works together to form a zombie botnet. These zombie botnets will then flood the server leading to website being unavailable.During 2015-2016, there was a rapid number of IOT devices being compromised.
Thus, to keep track of the number of attacks against the IOT devices Symantec created an IOT honeypot. IOT honeypot gradually started collecting data of how devices were attacked and also the number devices being attacked, etc. According to Symantec analysis: In January 2016 an average of 4.6 unique IP addresses were hourly hitting the honeypot. These doubled in December and during peak times, due to Mirai botnet, honeypots started receiving attacks every two minutes.
The main reasons why IOT are compromised:When users buy a device, security is not a priority to them. For instance, they forget to change the default passwords that are set by the device manufactures.When devices receive firmware updates, users do not want to update them. Or even sometimes, some of the devices don’t even have automatic inbuilt software updates.Once a device is bought and installed, users forget them. They are unaware of what is happening to those devices. Sometimes, they don’t even realise that their devices have been compromised and used for malicious purposes.Best practices:Before buying a device, research on what the device can do and what are the security features that it consists.Once a device is bought, perform a check on all the IOT devices running on your network.Change all default credentials, such as passwords and settings.When setting up device, use strong encryption method such as WPA2.Regularly update device’s software