Blog Date: 10/14/2016
Author: Ray Coulombe

You’ve probably heard of Brian Krebs, the journalist who exposes cyber criminals and groups linked to large-scale hacks at retailers, hotel chains and restaurants. Recently, his website was the source of a massive wave of bogus Internet traffic—some 600-700 gigabits per second—that overwhelmed the sites server and it’s content delivery network. Many cameras, broadband routers, and other Internet of Things (aka smart devices) played a part in the attack.

Prolexic, the company owned by Akamai that was protecting Krebs’ site, couldn’t justify supporting his website, krebsonsecurity.com, any longer with this amount of traffic and stopped hosting it. His website was temporarily shut down.

The size of this attack, known as a distributed denial of service (DDoS), isn’t rare. In fact, the cyber hacker responsible for Krebs’ shutdown has launched other large-scale attacks across the web causing other DDoS hits.

In an article, Akamai chief security officer Andy Ellis said that the company is still researching the denial of service attack on Krebs’ site, but he said that his was one of a small number of sites—most based in Europe—that were on the receiving end of the flood of traffic. The previous high for a denial of service attack measured by Akamai was 363 Gbps.

Internet of Things devices are playing a greater role in botnets, according to Akamai. Botnets are made up of tens of thousands of Internet of Things devices, including DVRs and connected IP cameras. These machines are super vulnerable to simple hacks in that both masters are easily able to build up vast networks of compromised systems to send those gigantic amounts of traffic to a specific target.

Just this summer, a botnet of 25,000 CCTV cameras was used to initiate significant attacks across the world. So what does this mean, really?

Action has to be taken at the ISP level and across all IoT device producers. ISPs around the world have to move in effort to shut down access from hacked machines and the device makers need to stop practicing bad habits, like leaving easily guessed default passwords on commercial products. Be sure to investigate the cyber hardening of any IoT-type device before using or recommending, although, right now, that information may be hard to come by.

Hear from a panel of experts this year at the 2016 Securing New Ground event on October 19-20 in New York.

IoT: Embracing Opportunity and Managing Risk
October 19 from 9:10-9:55am
Once defined and restricted by proprietary technology, the security industry has turned the corner and become part of the movement embracing open connectivity and IoT. We embrace the flexibility and simplicity of connecting devices and sensors to our systems, but acceptance has created new vulnerabilities and risk. Hear what industry experts say about how IoT is redefining everything from the consumer and residential markets to the future of enterprise level security.
Learn more

Back to Blog List