The much-feared robot apocalypse is here, and it seems like our trusted friend, the internet, is its prime target. What sounds like something from a horrifying sci-fi movie actually happened when more than 5,000 connected devices at a university, including light bulbs and vending machines, were hijacked by unidentified attackers and turned against the campus's own network in a denial-of-service attack.
We have already seen attacks that abuse poorly secured internet of things (IoT) devices, but the latest incident, reported in Verizon's Data Breach Digest 2017, is a rarer case: IoT devices attacking the very network they live on. Each gadget was making hundreds of automated Domain Name System (DNS) lookups every 15 minutes, which brought the university's network connectivity to a grinding halt.
The majority of the lookups "showed an abnormal number of sub-domains related to seafood", as Verizon reported. Below is an excerpt from the Data Breach Digest:
The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure.
With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies.
While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet.
Verizon's RISK (Research, Investigations, Solutions and Knowledge) team investigated and found known indicators in the firewall and DNS logs that pointed to a denial-of-service attack driven by a botnet. Of the thousands of domains requested, only 15 distinct IP addresses ever came back in the answers, and four of those addresses, along with almost 100 of the domains, appeared on indicator lists for an IoT botnet. The tell-tale pattern was not any single lookup but the combination: thousands of near-identical clients, a huge fan-out of subdomains under a few parent domains, and a tiny set of resolved addresses.
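The analysis described above, recreated as an added example that is not from the Digest or Verizon's RISK team. It runs over constructed DNS query log lines: the log format, the 10.50.0.0/16 IoT segment, the fresh-catch.example domain, the thresholds and the indicator list are all assumptions made for the illustration. It bins lookups per client into 15-minute windows, flags clients above a volume threshold and checks whether they sit in the IoT segment, counts distinct subdomains under each parent domain to expose the seafood-style fan-out, and matches the answer IPs and queried names against an indicator list.

```python
"""Hunt for botnet-style DNS activity in a query log (added example).

Everything here is constructed for illustration: the log format, the
10.50.0.0/16 IoT segment, the fresh-catch.example domain, the thresholds
and the indicator list are assumptions, not data from the Verizon report.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
import ipaddress

IOT_SEGMENT = ipaddress.ip_network("10.50.0.0/16")  # assumed IoT VLAN
WINDOW_MINUTES = 15
LOOKUPS_PER_WINDOW = 100      # "hundreds of DNS lookups every 15 minutes"
SUBDOMAINS_PER_PARENT = 10    # many distinct labels under one parent is odd

# Constructed stand-in for the IoT-botnet indicator feed the RISK team used
BOTNET_INDICATORS = {
    "ips": {"198.51.100.7", "203.0.113.44"},
    "domains": {"halibut.fresh-catch.example", "prawn.fresh-catch.example"},
}

SEAFOOD = ["haddock", "mackerel", "halibut", "prawn", "scallop", "oyster",
           "squid", "cod", "tuna", "salmon", "clam", "lobster"]


def build_sample_log():
    """Constructed log lines: '<ISO time> <client> <qname> <answer IP>'."""
    lines = []
    t0 = datetime(2017, 2, 6, 9, 0, 0)
    # Three IoT devices each make 120 lookups (12 names x 10) in one window
    for dev in ("10.50.3.14", "10.50.7.201", "10.50.12.9"):
        for i in range(120):
            name = SEAFOOD[i % len(SEAFOOD)]
            answer = "198.51.100.7" if i % 2 else "203.0.113.44"
            ts = t0 + timedelta(seconds=i * 7)   # stays inside the 09:00 window
            lines.append(f"{ts.isoformat()} {dev} {name}.fresh-catch.example {answer}")
    # A workstation on the user VLAN doing ordinary lookups
    for i, host in enumerate(["www.example", "mail.example", "cdn.example"]):
        ts = t0 + timedelta(seconds=i * 60)
        lines.append(f"{ts.isoformat()} 10.20.1.5 {host} 192.0.2.{i + 1}")
    return lines


def parse(line):
    ts, client, qname, answer = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(client),
            qname.lower().rstrip("."), answer)


def window_of(ts):
    """Floor a timestamp to the start of its 15-minute window."""
    return ts.replace(minute=ts.minute - ts.minute % WINDOW_MINUTES,
                      second=0, microsecond=0)


def parent_domain(qname):
    """Registrable parent, approximated as the last two labels (assumption)."""
    return ".".join(qname.split(".")[-2:])


def hunt(lines):
    """Return the indicators the text describes: noisy clients, IoT segment
    membership, subdomain fan-out, distinct answers and indicator matches."""
    per_client_window = Counter()
    subdomains = defaultdict(set)   # parent domain -> distinct qnames
    answers = defaultdict(set)      # client -> answer IPs
    queried = defaultdict(set)      # client -> qnames
    for line in lines:
        ts, client, qname, answer = parse(line)
        per_client_window[(client, window_of(ts))] += 1
        subdomains[parent_domain(qname)].add(qname)
        answers[client].add(answer)
        queried[client].add(qname)

    noisy = {c for (c, _), n in per_client_window.items()
             if n >= LOOKUPS_PER_WINDOW}
    resolved = set().union(*(answers[c] for c in noisy))
    names = set().union(*(queried[c] for c in noisy))
    return {
        "noisy_clients": sorted(str(c) for c in noisy),
        "noisy_in_iot_segment": sorted(str(c) for c in noisy if c in IOT_SEGMENT),
        "high_fanout_parents": {p: len(s) for p, s in subdomains.items()
                                if len(s) >= SUBDOMAINS_PER_PARENT},
        "distinct_answer_ips": sorted(resolved),
        "matched_indicator_ips": sorted(resolved & BOTNET_INDICATORS["ips"]),
        "matched_indicator_domains": sorted(names & BOTNET_INDICATORS["domains"]),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(hunt(build_sample_log()), indent=2))
```

The segment check is the part worth keeping in a real hunt: a noisy client is only interesting once you know which network it belongs to, and in this case the devices were supposed to be isolated yet still reached a resolver in another subnet. Replace `build_sample_log()` with a reader for your resolver's query log and the indicator set with a real feed; the thresholds are starting points, not tuned values.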
So all of a sudden, vending machines and lamp posts across the campus were simultaneously looking up seafood domains, and the sheer query volume brought the whole network down. Luckily, stopping the attack did not require replacing "every soda machine and lamp post."
Instead, Verizon's RISK team turned the botnet's own habits against it. The team "explained that the botnet spread from device to device by brute forcing default and weak passwords".
To stop the attack, the team captured, on the wire, the clear-text password the malware was using to control the compromised IoT devices, and then used that password "to perform a change before the next malware update", cutting the botnet off from the devices it had taken over. This only worked because the malware sent its credentials in the clear and the university could inspect traffic on the IoT segment; a botnet that encrypted its command traffic would have left device replacement as the main option.
While the university got off relatively lightly, the underlying problem runs deeper. More than 6 billion IoT devices are estimated to be in use around the world, and many of them are just as open to being recruited into attacks like this one: default or weak credentials, management traffic in the clear, and "isolated" segments that can still reach services in other subnets.
How do you think the security of these devices can be improved? Comment below!