On September 20, 2016, the cyber-security news and investigation site Krebs on Security was the target of a sophisticated cyber attack that attempted to take the site offline. This cyber attack was unprecedented in its method and size, offering many lessons for organizations looking to improve their physical and cyber security.
At about 8 p.m. ET, the site was bombarded with about 620 gigabytes of data per second. This type of cyber attack is known as a distributed denial-of-service (DDoS) attack, where the perpetrator uses a network of internet-connected devices to overwhelm a server, overloading it and preventing legitimate requests from being fulfilled. A DDoS attack is very similar to having a mob of people cramming the entrance of a small shop, blocking the legitimate customers and disrupting normal business activity.
The Krebs attack is remarkable and unusual in a few ways. First, the attack, which peaked at around 620 gigabytes per second, is the largest DDoS attack to date, as reported by the internet security firm Akamai. Second, the perpetrators used unsecured Internet of Things (IoT) devices to carry out their crime. The Internet of Things, commonly called IoT, is a collection of physical devices embedded with electronics, software, and sensors – all of which are connected to a network. Experts estimate that the IoT will consist of almost 50 billion devices by 2020. The Krebs attackers were able to hijack multiple IoT devices with malicious code to create a large-scale botnet to carry out the attack. This particular botnet was reported to include over 1 million IoT devices, including routers, surveillance cameras, printers, and digital video recorders. The unsecured devices were compromised with malware, which commanded them to communicate by passing messages to one another, ultimately coordinating their actions to attack their unsuspecting victim.
What can be done to prevent Internet of Things devices from being compromised by malware? And what steps can be taken to help ensure that devices connected to a network are secure? Here are 4 best practices to help improve IoT device security.