ilolab - Fotolia
Several internet sites and companies were hit with a series of record-setting DDoS attacks, which were carried out using a botnet of internet-connected devices infected with IoT malware. The devices included home security devices, routers, DVRs and cameras. How do these IoT devices get infected with malware? Are there any best practices for securing IoT devices?
The distributed denial-of-service (DDoS) attacks in late 2016 demonstrated a significant effect on enterprises and the internet at large.
DDoS attacks have increased in volume over the last year -- the Dyn domain name system (DNS) attack by the Mirai botnet of compromised internet of things (IoT) devices peaked at 1.2 Tbps. There was significant collateral damage on major cloud services that used Dyn for DNS. Other victims of IoT botnet DDoS attacks include infosec journalist Brian Krebs' website and the European web hosting firm OVH. A Symantec report found a dozen different IoT malware families infecting IoT devices.
The call to secure IoT devices continues to gain attention, as it has been demonstrated that IoT insecurity has a far reaching impact on the internet.
Internet-connected devices typically get infected by IoT malware because users maintain insecure default configurations and default accounts. While the use of defaults has long been an issue with most endpoints, they have typically been behind firewalls that provided a minimal level of protection.
There are many best practices for developing and deploying IoT devices, but a first step would be to restrict inbound network access from the internet and to change default passwords. Companies should also monitor outbound network traffic for any signs that their routers or IoT devices have been compromised and are being used for DDoS attacks or for routing suspicious traffic.
Learn how bad password security contributed to the Mirai IoT botnet DDoS attacks
Find out how to prevent IoT attacks beyond having network-level defenses
Discover how enterprises can prepare for the growing challenges and risks of IoT
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these ... Continue Reading
Cloud security providers need to play catch-up with the evolving advancements in cloud technology. Find out what the top CSPs offer today and which ... Continue Reading
Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.