In October 2016, while most people still hadn’t heard of the Internet of Things (IoT), hackers used the internet-connected devices to launch a series Distributed Denial of Service (DDoS) attacks on Dynamic Network Services (Dyn), a major DNS service provider.
The perpetrators used a malware named Mirai to find IoT devices that were still using their factory default passwords. The program enslaved unsecured devices such as remote cameras, printers, DVRs, home routers and baby monitors, merged them into a botnet before launching the DDoS attack. And how many devices were used? Right around 100,000. That’s a very small percentage of IoT devices out there.
While the effect only lasted a few hours, the Dyn DDOS attack showed just how vulnerable we really are as between 1200-1400 websites were disrupted, including Twitter, Amazon, Pinterest, Netflix and PayPal.
The scary thing is, it wasn’t the first time the Mirai malware had been used to launch a DDoS attack. At least two similar attacks took place in the months leading up to the Dyn attack. So what does this mean for the future and security of IoT?
It’s going to get worse.
There’s not a question of if another massive DDoS attack will happen. The question is ‘When?’
Hackers are going to continue to use Mirai to launch DDoS attacks on various websites and networks because it’s easy to do. Most consumers don’t understand enough about their security options when it comes to the IoT devices that make life easy for them. And with several hundred million home routers out there, not to mention DVRs, surveillance cameras, there are more than enough devices available to launch an attack.
Plus, the Dyn systems were hit with an estimated 1.2 terabits per second during the October attack, the largest ever on record. With more sophisticated software combined with Mirai, the next major attack could reach tens of terabits-per-second. By comparison, a really good commercial Wi-Fi transmits at around 500 mbps. So the likelihood of a massive attack, one to dwarf the October attack, isn’t probable. It’s inevitable.
But it will get better.
Despite the potential security risks, IoT markets will continue to expand as IoT devices get cheaper to produce and the innovation matches the potential.
The Dyn attack was a major wake-up call for IoT manufacturers and service providers. They are scared. No one wants to see their company’s name blasted across every news broadcast and website as the weak link in the next major attack. That means everyone is beefing up their security. Enhanced security will be the norm, not a perk in the next generation of IoT. And as the market continues to evolve and grow, the next IoT devices will make the old unsecured ones obsolete, causing consumers to upgrade or be left behind.
As long as IoT companies can weather the coming storm, they’ll be able to make internet-connected devices more secure and less vulnerable to hacker DDoS attacks. Since cyber security isn’t exactly on the average person’s list of concerns, this will be a great relief to everyone since we’re all connected through the web.