There is every indication that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — mainly routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.
Krebs' site was brought down with a Denial of Service attack that was approximately 2x larger than any ever done before. As highlighted above, the majority of this was executed leveraging IoT devices that were sold and/or set up insecurely. I am not pointing fingers here, but this, if anything, must be a clear call to action to all of us in the consumer business to address these massive cybersecurity concerns at their inception (within the product development cycles and the core components (Raspberry Pi I am looking at you .. open source libraries, you too)). Note that most of those devices are on the consumer end of the “who is responsible for updating, patching, securing, and cleaning up” ownership spectrum.
We are developing and deploying code at scale, and currently there are 10 BILLION Internet-connected devices (IoT), and this is only going to radically increase. Now is our chance to protect the stability of our connected world, ensure the safety of our families, and maintain the integrity of our life-dependent services.
Curious … on the IoT scale problem? Check out this fun infographic from Verizon, chock-full of stats across industries. This is not F.U.D., but a challenge for us to ensure the platforms we are creating can be sustained, and those associated freedoms – such as Krebs' excellent work – can persevere.