IoT Trojan Horse

The new IoT “Trojan Horse”

The IoT, the Internet of Things, has been a discussion point for many security experts this year. The more technology we introduce into everyday life, the more automation and convenience we gain. But it also brings substantial risk. Consider last Friday’s DDoS (distributed denial of service) attack on the Dyn data centers. This attack took down Netflix, Twitter, PayPal, and other online businesses. What looked like a data center issue at Dyn was really a well-orchestrated cyber-attack. But by whom? While we may not have the answer to this yet, we do know what happened.

It all begins with Chinese-manufactured web cameras (IoT devices). Millions of these cameras are in operation and connected to networks around the world. They are online so that their owners can connect and monitor them remotely. Everything connected to the Internet is a target for bad actors and hackers.

A new piece of malware named Mirai was created to hunt down and breach these and many other camera systems. And it was REALLY easy. You see, the cameras do have security features, but most users never take the time to change the default credentials. They just plug in the cameras and are happy they are working, never giving a thought to the security risk! These and all devices connected to the Internet must be secured and must not be left with default settings!

As Mirai searched the internet using a list of 60 known default credentials, it planted a Trojan Horse on each device it could log into and reported back to the bad actors, awaiting commands. Last Friday the bad actors began their attack, using the compromised IoT devices to send malicious traffic at the Dyn data center. This traffic hit with such a pace and volume that the data center could not keep up, resulting in service outages. No fault of Netflix, Twitter, or PayPal, but it certainly appeared that their systems were down. The reality was that they simply could not be reached because of this DDoS.
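A defender-side illustration of the pattern described above, added here and not part of the original post: Mirai-style default-credential scanning shows up in a device's login log as one source address trying many different usernames in a short burst, sometimes followed by a success. The log format and the sample lines below are constructed for this example and are not from any real device.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in an assumed syslog-like shape for an IoT
# gateway's telnet/SSH authentication log (not taken from the article).
SAMPLE_LOG = """\
2016-10-21T12:00:01 auth telnet FAIL src=203.0.113.5 user=admin
2016-10-21T12:00:02 auth telnet FAIL src=203.0.113.5 user=root
2016-10-21T12:00:02 auth telnet FAIL src=203.0.113.5 user=support
2016-10-21T12:00:03 auth telnet FAIL src=203.0.113.5 user=user
2016-10-21T12:00:04 auth telnet FAIL src=203.0.113.5 user=guest
2016-10-21T12:00:05 auth telnet OK src=203.0.113.5 user=admin
2016-10-21T12:05:00 auth ssh FAIL src=198.51.100.7 user=alice
2016-10-21T12:05:20 auth ssh OK src=198.51.100.7 user=alice
"""


def parse_line(line):
    """Split one constructed log line into its fields."""
    ts, _, proto, result, src, user = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "proto": proto,
        "ok": result == "OK",
        "src": src.split("=", 1)[1],
        "user": user.split("=", 1)[1],
    }


def find_credential_scanners(log_text, min_users=4, window_seconds=60):
    """Return {src: summary} for sources that failed logins with at least
    min_users distinct usernames inside window_seconds (credential spraying).
    later_success marks a successful login from that source afterwards,
    i.e. a probable default-credential compromise worth investigating."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            by_src[event["src"]].append(event)
    hits = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["time"])
        fails = [e for e in events if not e["ok"]]
        for i, first in enumerate(fails):
            window = [e for e in fails[i:]
                      if (e["time"] - first["time"]).total_seconds() <= window_seconds]
            users = {e["user"] for e in window}
            if len(users) >= min_users:
                later = any(e["ok"] and e["time"] >= first["time"] for e in events)
                hits[src] = {"distinct_users": len(users), "later_success": later}
                break
    return hits
```

Running `find_credential_scanners(SAMPLE_LOG)` flags only 203.0.113.5, since the single failed login from 198.51.100.7 looks like an ordinary typo rather than a scan.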

After half a day the threat was mitigated. The Dyn security team was able to deflect the traffic and restore services. But there is still a huge risk on the internet: millions of breached IoT devices. The Chinese manufacturer has offered a recall on many of the cameras, and many other models can be fixed with a firmware update. But who will really take action on this? How do people know if they have a breached camera? And would they understand how to update the firmware? There are far more questions than answers at this point.

I can’t help but consider that this could be a nation state sponsored threat. Isn’t anyone else concerned that a foreign nation propagated millions of cameras with embedded credentials that could allow them to take control of them at any time?

This time we lost Netflix and Twitter for a few hours. What if the attack had been directed at our financial institutions or national infrastructure?