The Internet of Things (IoT) holds a great deal of promise to make everyday devices much easier to use, control, program, and access remotely. From “smart” home thermostats and refrigerators to lights and automobiles, there’s remarkable potential to make our lives easier — but there’s also untold risk that these devices can bring to our day to day lives. Since so many IoT devices are (by their nature) connected to the internet, if they’re not properly secured, they can be easily hijacked by attackers.
The risk of IoT devices being used in attacks may have seemed like a remote possibility until this year, when two massive internet outages brought down major websites and web services for hours at a time. These outages were caused by attacks that used malware called “Mirai,” which not only launches simultaneous attacks on a victim’s server at a central command from the crooks but also scans the internet looking for additional insecure devices. This means the crooks always have an up-to-date list of vulnerable zombies for the next attack.
Often the vulnerability in these devices was nothing complex at all: Quite simply, these IoT devices were still using their default passwords. By some estimates, IoT devices still using their default passwords number nearly half a million at least.
Once the devices were under the malware’s control, they became parts of massive botnets — bred and nurtured by hackers to provide a powerful, dark cloud computing network used to conduct cybercrime attacks, like the recent DDoS attack against popular Domain Name Service (DNS) provider Dyn.
If you own smart devices at home or at work, what can you do to make sure you don’t inadvertently become part of the next internet-attacking botnet, short of unplugging them altogether? The good news is that it’s relatively simple to ensure your computers and devices aren’t part of the next botnet attack.
This paper examines how IoT devices can inadvertently become part of malicious botnets, and the practical, actionable things you can do to protect your devices and your organization from becoming the next soldier in a botnet army.
Download the new Sophos whitepaper to learn how to protect yourself against the risk of botnet infection and watch our ‘Botnet: is your network really protected’ webinar to find out how to easily identify any bots operating on your network and clean them up before they become part of the next cyberattack.