Since the beginning of the Internet of Things (IoT), experts have warned of the dangers of “smart” devices’ lack of security, making them easy hijacking targets. On Friday, we saw how the growing use of internet-connected things can serve as widely distributed information weapons when Dyn, Inc., was the target of the largest distributed denial of service (DDoS) attacks known. Cybercriminals went after the major Domain Name Server (DNS), responsible for facilitating the loading of web pages, by militarizing hundreds of thousands of devices in people’s homes such as DVR’s, routers and digital closed-circuit cameras to create what is known as a “botnet” or a digital army in order to execute the DDoS attack, overwhelm Dyn’s systems and bring access to 1,200 web domains to a halt.
Hackers used software known as Mirai to recruit these devices to build their botnet. Unbeknownst to the owner, Mirai infiltrates household devices, which continue to function as normal, giving no indication that the malware is using it as a platform to send severe-clogging messages. The software first infects a computer or home network by utilizing malware from phishing emails, then spreads to everything on it, taking over seemingly innocuous household things.
While the attack is still under investigation, preliminary evidence shows that it was likely carried out by a non-state actor, suspected as being connected to the English-language hacking forum community. And although DDoS attacks are nothing new, this is the first time there has been such a major attack using botnets made up of internet-connected “things” rather than computers, and experts predict the threat will only grow as the use of smart devices continues to skyrocket, expecting use to more than triple by 2020. Many experts, such as Andrew Harris of Liberty Insurance Associates is considering this attack a call to arms for the insurance industry to get involved and develop a standard cyber policy and educate clients on cyber protection and awareness.