Cybersecurity in the Age of IoT: 5 Best Practices for Government
But with the growth of IoT devices comes a larger surface from which adversaries can exploit vulnerabilities and launch cyberattacks. IoT connected devices are especially susceptible to network-borne threats. This is all the more paramount for public sector devices, whose breaches could have potential national security implications. Current risks Reports of IoT attacks in the private sector are becoming increasingly common. Most recently, an attacker deployed a massive botnet in a DDoS attack on Dyn, the DNS provider shared by popular websites like Twitter, Reddit and Spotify. What set this attack apart from other DDoS attacks is that the user used a botnet comprised of IoT devices, such as webcams and DVRs, to overwhelm Dyn with more traffic than it could handle. And a recent report found that attackers used IoT devices to remotely generate attack traffic by exploiting a 12-year-old vulnerability in OpenSSH, dubbed SSHowDowN Proxy. Attacks originated from devices including video surveillance such as CCTV and DVR devices, satellite antenna equipment and networking devices such as Routers and Hotspots. Once malicious users had access to the web administration console, they have been able to compromise the device’s data and in some instances, fully take over the machine.
More: Cybersecurity in the Age of IoT: 5 best practices for government