This article discusses the details around the distributed denial-of-service (DDoS) attack that occurred on Friday morning using a large number of Internet of Things devices such as webcams, DVRs, and other smart devices that have minimal security features. Attackers were able to successfully impact the DNS provider Dyn for several hours while interrupting many large sites such as Amazon and Twitter. The attack is being labeled as an easy and non-sophisticated attack using simple devices and easily attainable malware.
The attackers used a botnet program called Mirai to gain control of all these devices. Mirai uses simple telnet commands to search for available devices and cycles through default login information until it is able to successfully gain access. Unlike normal servers, a majority of the IoT devices broadcast their version and model number once you connect to them.
With a large volume of IoT connected devices being added everyday, it raises the new concern of the lack of security in IoT devices. As showed on Friday, we now have to be concerned with a relativity easy attack that criminals can use to disrupt the internet.
http://www.darkreading.com/vulnerabilities—threats/root-of-more-iot-based-ddos-attacks/d/d-id/1327281?
This DDoS attack has to make you think. Hackers are always one step ahead of the security. Organization spend resources to keep devices secure, and don’t even think about some of these things that were used in this attack. We can do the best we can, but must always be prepared to deal with a breach or hack. It’s inevitable.
The article says that “Mirai basically searches for telnet protocol availability,” I was curious what tests I could perform to determine if my environment was vulnerable. One resource I found was ShieldsUP! Have any of you used this to scan your ports and security?
https://www.grc.com/x/ne.dll?rh1dkyd2