TAG | ddos
It is no secret, as revenues from LEDs fade, that the lighting industry is placing a big pile of gambling chips on the success of the Internet of Things, but the hack marks the second major security breach in as many months, suggesting IoT is not yet ready for the big leagues.
A handful of the world’s top websites were targeted during the attack, including The New York Times, CNN and Amazon, making this the most high profile attack to date and one aimed at disrupting the very fabric of the internet in the United States.
The attack was carried by hijacking thousands of IoT devices, which had previously been infected with malicious code allowing attackers to take control of them. The attackers were then able to perform a denial of service (DDoS) by getting the enslaved devices to flood the chosen websites with messages, causing them to crash.
While a claim of responsibility is yet to be made for the attacks, it has been claimed on Twitter that WikiLeaks were responsible.
A tweet issued by WikiLeaks after the DDoS attack on some of the world’s leading websites.
Earlier in the month American internet provider OVH was targeted in an attack that involved the manipulation of 150,000 IoT devices.
‘Companies are simply not doing enough to improve IoT security and there is a lack of awareness and a certain laziness in their attitude towards the issue,’ Ken Munro of ethical hacking firm Penetration testing and security services, which identifies weaknesses in internet security, told Lux.
‘Companies are simply not doing enough to improve IoT security and there is a lack of awareness and a certain laziness in their attitude towards the issue.’
The IoT powered onslaughts are worsening because of the release of the Mirai botnet source code into the public domain. The code contains the necessary information needed to hack into IoT devices and ultilise them for use in DDoS attacks.
Security experts are worried that IoT devices are being built upon outdated operating systems using code that has not been properly tested for security loopholes, which hackers will exploit. The devices are then being rushed to market.
Munro believes that IoT manufacturers need to act now to prevent much more serious security breeches in the future.
‘Governments are becoming more and more concerned about the security risks that IoT poses, and the UK, US and EU governments are even considering legislation to compel firms to act,’ Munroe concluded.
The US Congress, for example, is currently mulling installing some kind of consumer protection into law to protect IoT consumer’s privacy, although talks are still at a very early stage, calls to act though are likely to speed up after this latest attack.
ddos · internet of things · iot · iot security · led lighting · Novel Energy Lighting