Imagine hundreds of thousands of connected devices, including ordinary products (such as routers, DVRs, webcams, security cameras, and even smart kitchen gadgets) working in concert to assault a specific and high profile target. Remember that day in late October when weird things happened when you tried to visit some of your favorite websites? This is, in essence, what occurred.
It is called a distributed denial of service (DDoS) attack. It’s when a target is flooded with a deluge of data, temporarily slowing down or shutting down its service. Think of a train door. Three or four people can successfully get in at the same time without incident. If fifteen to twenty try, there is going to be a bit of struggle. If one hundred people try at the same time, the train door will be overwhelmed. A DDoS attack is similar. An attacker, having taken control of a large number of connected devices, can simultaneously point these devices at the intended target, disrupting service and making it far more difficult for legitimate traffic to flow through.
Mirai is a Japanese given name meaning "the future." It’s also the name of a botnet—a network of private computers infected with malicious software and controlled as a group without the owners' knowledge—that is currently wreaking havoc across cyberspace. In October, Mirai was pointed at Dyn, a domain name service provider. This attack disrupted service across many popular websites including PayPal, Twitter, Reddit, Amazon, Netflix, and Spotify. The number of infected devices used in the attack was likely in the six figures. The source code for Mirai has been released online, and it has also been used to attack cybersecurity blog “Krebs on Security,” French internet provider OVH and, most recently, the internet infrastructure of the nation of Liberia.
Mirai has opened a Pandora’s box—one that is connected to a lot more Pandora’s boxes. These devices, a part of the growing Internet of Things (IoT), are almost always connected to the internet and are frequently secured poorly. We are seeing, in stark reality, these IoT devices causing serious problems because of some notable vulnerabilities:
In the meetings industry it is increasingly common for events to be powered by lots of technology and held in facilities that are littered with Web-based cameras, credit card terminals, wireless routers, computer controlled lights, and HVAC. All of this creates a new source of potential problems for meeting owners!
So, what are some easy security steps you can take?
Connected devices are incredible because they allow us to do things that were once unthinkable. But they do not come without risk. It is important to understand the risks while taking basic steps toward enhancing the security of these devices.