Just last week news magazine Newsweek found itself at the receiving end of a massive DDoS (distributed denial of services) attack shortly after it published a story on Donald Trump and his company’s business deals in Cuba in 1990s.
While Russian hand is suspected behind it still nothing has been confirmed.
DDoS is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack (source: Webopedia).
Not only big organisations even individuals are not spared. Last week, cyber security expert Brian Krebs’ blog krebsonsecurity.com was shut down after his website came under DDoS attack most probably with the help of botnet which took hostage numerous Internet of Things (IoT) devices which included security cameras, routers and digital video recorders (DVRs). The reason for the attack: Brian’s research on DDoS gangs and his recent expose of two people connected with DDoS attacks.
Hacking through compromised CCTVs is really catching on. In June 2016 security research firm Sucuri reported how more than 25,000 IoT CCTV cameras were used in DDoS attack believed to have been hacked via the remote code execution (RCE) flaw recently found to affect CCTV-DVR devices sold by some vendors.
While IoT is the never blue-eyed boy in the tech world also called the next industrial revolution, with every major IT firm declaring its love for this technology. We need not go far back to see how every organisation sees IoT their next Golden Goose. Just last week, enterprise software major SAP announced its plans to invest €2 billion (£1.54bn) over five years to support businesses and government bodies with the IoT. Samsung, which plans to spend $1.2 billion over 4 years on IoT R&D and investments, discussed cooperation in IoT among other things with SoftBank in the last week of September.
While the opportunity is exciting with endless possibilities, such incidents are nothing short of scary. We are talking about a world where everything will be connected which also means how exposed and vulnerable we will be to security issues. Gartner forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 11.4 billion by 2018.
However, the title of largest offensive ever seen most probably goes to France-based hosting provider OVH which according to sources faced 1Tbps DDoS attack on Sept 25.
“Of the identifiable devices participating in these botnets, almost 96 percent were IoT devices (of which 95 percent were cameras and DVRs), roughly 4 percent were home routers and less than 1 percent were compromised Linux servers. This represents a drastic shift in the composition of botnets compared to the compromised server- and home router-based DDoS botnets we’ve seen in the past,” states a blog post published by Level 3 firm.