Lax IoT security is allowing cyber criminals to syphon bandwidth to launch attacks on big businesses
Internet of Things (IoT) devices are being increasingly used to carry out distributed denial of service attacks (DDoS), spread malware and create botnets.
Research by Symantc’s Security Response team has discovered that cyber criminals are using home networks and everyday consumer connected devices to carry out DDoS attacks on large companies and profitable targets.
Cyber criminals are targeting these network as the lack of security standards in IoT device and a lax approach by their users to change default passwords in home networks makes them an easy target from which hackers can gather cheap bandwidth by stitching together a web of consumer devices and using it to launch DDoS attacks.
When IoT attacks
“As we continue to adopt more internet-connected devices in our daily lives – from fitness trackers and routers to home security systems, smart TVs and baby cameras – cybercriminals are starting to pay attention,” he said.
Many of the IoT devices that are attacked, according to Symantec, are designed to be plugged in and forgotten which leaves them ripe for hacking; so much so that the security company is claiming 2015 to be a record-breaking year for IoT-based attacks.
It noted that over half of these attacks have originated from China and the US, with high numbers coming out of Germany, Russia, the Netherlands, Ukraine and Vietnam. Essentially, the security vulnerabilities of the IoT are a world-wide problem.
Another problem with securing the IoT is the devices are designed to be used for very specific tasks so have little in the way of advanced operating systems and processing power which means they may have basic, if any security, features. While hacking individual sensors or smart lights may not pose a huge security risk in themselves, connecting all these devices together means hackers gain access to the bandwidth they need to launch attacks.
Users of these devices can feel a little relived that they, according to Symantac, are not normally the targets of such hack attacks, but for businesses in the sights of the attacker, they now have another attack vector to secure against.
Symamtec suggests that changing default passwords, keeping devices patched and updates, and disabling features that users do not use on devices, will help reduce the possibility of hackers infiltrating IoT devices.
But the research shines a light on how there needs to be a more rigorous approach to IoT security and standards if the activities of opportunistic cyber criminals are to be curtailed.
Increasingly cyber security companies are bolstering their ability to protect against IoT threats, such as Britain’s BullGuard with its acquisition of Israeli IoT security startup Dojo-labs.