Tuesday, June 28, 2016

IoT Botnet: 25,513 CCTV Cameras Used in Crushing DDoS Attacks

It's only a matter of time before these types of attacks proliferate.

June 28, 2016 -- Eskenzi PR -- Researchers from security firm Sucuri have encountered a denial-of-service botnet that's made up of more than 25,000 internet-connected closed circuit TV devices. The malicious network was discovered whilst Sucuri was defending a small brick-and-mortar jewellery shop against a distributed denial-of-service attack. After the DDoS continued for several days, Sucuri researchers soon discovered the individual devices carrying out the attack were CCTV boxes that were connected to more than 25,500 different IP addresses, located in no fewer than 105 countries around the world.

"For over a decade, security professionals have been evangelizing that anything with an IP address can become the victim of a cyber-attack, and anything with an IP address can be used in a cyber-attack," notes Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB. "Here is another case in point whereby a vulnerability has been exploited, remote code execution has been successful, and a botnet has been constructed from devices that rarely, if ever get updated. This problem is going to continue to grow as more and more devices get connected.  IPv6 will serve to increase this problem even further.

"In the world of IPv4, network address translation (NAT) has helped hide devices from attackers on the Internet.  Devices sitting behind a firewall using NAT, are often not visible from the Internet itself.  Although NAT was designed to solve the fossil fuel effect of IPv4, it was never intended to be a security feature - but has helped.  However, in IPv6 the concept of NAT isn’t needed.  Every device can have a publicly visible IP address.  As a result, hacking will grow exponentially."

The Internet of Things (IoT) has attracted strong interest from both academia and industry. Unfortunately, it has also attracted the attention of hackers. Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations brings together some of the top IoT security experts from around the world who contribute their knowledge regarding different IoT security aspects. It answers the question "How do we use efficient algorithms, models, and implementations to cover the four important aspects of IoT security, i.e., confidentiality, authentication, integrity, and availability?"