A recent large-scale series of cyber attacks brought down multiple major websites in the U.S. and now the Department of Homeland Security (DHS) acknowledges IoT device security to be a factor.
“This malware is referred to as Mirai and compromises Internet of Things devices, such as surveillance cameras and entertainment systems connected to the Internet,” said Jeh Johnson, Secretary of Homeland Security.
The widely reported attacks, which affected Amazon, Twitter and Paypal, among others, involved inserting malware into devices to turn them into a network of controllable bots that was directed to attack the servers hosting those websites.
More than 1 million devices were hacked and almost all (96%) of them were IoT devices, according to Level 3 Threat Research Labs.
Most devices affected by the attacks were home routers, network-enabled cameras and digital video recorders, according to DHS.
“The (cybersecurity) center is working with law enforcement, the private sector and the research community to develop ways to mitigate against this and other related malware,” Johnson said.
“The department has also been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.”
Other government agencies also are working to prevent future IoT cyber attacks.
The U.S. Defense Advanced Research Projects Agency (DARPA) is investing more than $26 million this fiscal year to develop systems to protect users from this type of cyber attack. The previous budget was just under $15 million.
Part of the budget description reads, “these attacks will likely accelerate as the Internet of Things expands to new classes of devices that in many cases will be deployed with inadequate security controls: attackers will incorporate poorly defended IoT devices in their botnets.”
DHS now recommends disconnecting affected IoT devices from the network, performing a full reboot and changing the username and passwords before reconnecting the devices.