Tech

Verizon´s Team Revealed How An IoT Attack Almost Took A University Offline

By Luis Fran , Feb 11, 2017 04:43 AM EST
Close

Although technology has increased its power and influence for good, one of the main issues that humanity is facing is the way in which hackers and cyber criminals seem to grow their techniques and skills, which makes cyber security something that is not enough to stop this concerning threat. Unfortunately, one of the main examples of this issue just happened at an unspecific university, since Verizon´s cybercrime sleuth revealed how hackers almost took this institution offline through Internet of Things, also called IoT.

The IoT Problem Was Easily Solved By Verizon´s Team

In fact, what the cyber criminals did was they used the university´s IoT network against itself, which is a modus operandi that is being used among a lot of hackers. According to Verizon´s top data breach investigator Laurance Dine, the thing about this attack was that it wasn't just a combination of IoT from around the world to target somebody as DDoS since it was the universities IoT that was targeted against the university.

Actually, an analysis of the institution´s network later identified over 5,000 devices that were making Domain Name Service, also known as DNS lookups almost every 15 minutes, which was coming from their IoT network, coming from their light sensors and vending machines. As a matter of fact, Verizon´s team eventually determined numbers of domains that were later identified as being on some kind of indicator list for a known botnet, which was spreading from device to device by forcing weak and default passwords. Naturally, this is a common tactic that hackers and cyber criminals use when they make this kind of strikes against a specific target.

Nevertheless, the thing that was quite fortunate for the university was that the commands were being received without any kind of encryption, which means that Verizon´s team had an easy way to solve this issue, by intercepting the clear-text password for a compromised IoT device and change it before the malware ended up being updated. According to Dine, they cut out a network sniffer on the environment, managed to get the password, change it back and finally cut off the issue.

This Kind Of Attack Will Keep Happening

However, what seems as a threatening detail was that Verizon´s investigator also explained that even when this was the first time that he actually witnessed this kind of attack, he suspected that there will be more. Obviously, the great problem is that even when cyber security measures increase its power, hackers and cyber criminals will also increase their ways to make this kind of operations.

In fact, one of the clearest exemplifications is the Mirai botnet, which caused a major concern last year, given the fact that in this operation the hackers managed to exploit routers and home security cameras with little or no single password protection, and eventually use the power to take down really important websites as Twitter, Netflix or even Reddit.

Also, Verizon´s investigator explained that this problem could even get into a whole new level, considering that in a near future, other devices like refrigerators could also suffer this kind of attack, considering that they would be on a network somewhere, and people won´t know how to change their default passwords. In fact, he explained that no matter the convenience accessibility technology will offer to its consumers, major drawbacks can still get in the way.

© 2019 ITECHPOST, All rights reserved. Do not reproduce without permission.
Real Time Analytics