“IoT adoption is rapidly increasing, while security considerations in connected devices remain largely absent”.
The sites were overloaded with junk traffic through internet infrastructure company Dyn on Friday, before the issue was resolved on Friday evening.
Dyn said in a statement that while they regularly experience DDoS blitzes, this large-scale attack was different and “more global in nature“. Services began to stabilise on Friday afternoon. Flashpoint researchers told Krebs all of the electronics boards infected with Mirai share the default “username: root and password xc3511”. Such IoT devices include surveillance cameras, DVRs, Smart TVs and refrigerators. A darker possible explanation could be that these DDoS attacks are used as a “smokescreen” for more lucrative crimes such as password, credit card information and identity theft.
The Department of Homeland Security says while there is no effective way to prevent being part of an attack, there are active steps one can take to reduce the likelihood. The Mirai Malware makes internet attacks easier. “Well, they should be made to own the cleanup efforts as well”. In a phone interview with Fortune, he said the government agencies are in a position to sue the companies selling these devices for unsafe products and deceptive marketing. He suggests keeping devices up to date, changing the default password and regularly updating it to protect devices from DDoS attack.
It’s not just device makers that can help protect against DDoS attacks.
“Mirai is a huge disaster for the “Internet of Things, ‘” said a representative for XiongMai in an emailed statement to CNNMoney“. “This is the first time we’ve ever seen a general attack that affects everybody”. It’s now our job to call on manufacturers and, indeed, the government, to create regulations for stricter security in connected devices. It’s also taken enforcement actions: one in 2013 against the sellers of poorly secured Internet-connected home security cameras and another this year, when it went after ASUS for alleged security weaknesses in popular home routers.
But there are limits to the FTC’s authority.
Of course, the agency also doesn’t have jurisdiction everywhere.
The attacks have even left the White House in suspense.
Because the tactics were about the same, though, Dyn was able to get its servers back up in about half the time, the company said, despite the second strike being from more locations. “They changed their entire line”.
“The technical and social indicators of this attack align more closely with attacks from the Hackforums community than the other type of actors that may be involved, such as higher-tier criminal actors, hacktivists, nation-states, and terrorist groups”, said Flashpoint. Perhaps, he suggested, that could be done through an global industry group. Once that happens, searching the web for the make and model of your device should yield a user and password combination along with a web address you can then key into a browser.