The internet was brought to its knees recently following a sophisticated, highly distributed attack on Dyn, a US company that provides domain registration services.
The attack, in which some marquee websites such as Netflix, PayPal, the New York Times and Twitter were taken down temporarily, has left many wondering just how safe the internet really is and once again brought into sharp relief the importance of cybersecurity.
Two notable findings were made in the aftermath of the attacks which were carried out using malware dubbed Mirai:
- Connected devices (hundreds of thousands) were hacked which then carried out the “distributed denial of service” (DDOS) attack, swamping Dyn’s servers with web traffic.
- The code for the malware was released on a popular hacker forum about a month prior to the attack, which means anyone can use it to create their own network of these compromised devices to blast people with traffic.
As more and more South Africans become connected to the internet of things (IoT) to improve their lives by using devices such as surveillance cameras, baby monitors and, increasingly, cars, the risk of cyberattacks remains as high, or even higher, than ever.
The internet if things is a term commonly used to describe objects which are connected to the internet, but non-traditional in that they are not computers, tablets or mobile phones. Rather than being such devices used for communication or traditional downloading, they are everyday objects which have embedded operating systems that use the internet to receive controls from and provide data usage to their owners or third parties such as their manufacturers or utilities providers – Source: Get Safe Online
In the same way that computers and mobile devices are vulnerable to hacking by virtue of being connected to the internet, the risk of a connected device being hacked is arguably greater as it does not even occur to people that these “things” can be compromised in the first place.
While many of the newer, brand name devices are generally safer with ongoing software vulnerabilities being constantly patched, many of the lower-end products have lax security features because manufacturers choose to focus on reducing costs rather than on improving security.
For example, they are shipped with default passwords that are either very difficult or impossible to change, making them a juicy target for hackers.
The biggest part of the problem, suggests industry analysts, seems to be a lack of regulation in the rapidly expanding IoT market. Some estimates suggest that by 2020 there will be over 20 billion devices online.
Add in the lack of consumer awareness about the risk of buying a low-cost insecure device versus a more expensive one that meets certain minimum compliance standards and it paints a pretty bleak picture of the future of internet security.
What you can do to better protect yourself and your devices:
1. Change the default password to one that is difficult to crack/guess but that you can remember. Keep your passwords to yourself
2. If you can’t figure out or change the password on your device ensure your device is behind a firewall
3. Ensure your Wi-Fi password is secured to WPA2 level at all times and do not reveal the access code to unauthorised persons
4. Read the manufacturer’s instructions, especially on connecting to the internet. If anything is not clear, contact the manufacturer
– Source: Get Safe Online