If we told you only 10 years ago that a failure to change your default password would result in an army of machines being turned against you by hackers, you probably would have scoffed. But as a matter of fact, that’s exactly what will happen, and has happened.
In late October, an Internet-of-Things botnet 100,000 devices strong flooded Dyn – a DNS company – with requests, effectively crippling its ability to route internet traffic. The unprecedented distributed denial-of-service-attack resulted in downtime in certain parts of the U.S. for industry giants, including Netflix, The New York Times and Amazon, among many others.
The most worrisome part of all this is that it’s happened again since then, and it’s bound to happen yet again.
German Telecom Barely Evades Botnet Blitzkrieg
Over Thanksgiving weekend, approximately 1 million European web users served by Deutsche Telekom had their routers hijacked, allegedly in an attempt to orchestrate a DDoS attack. However, according to ZDNet contributor Zack Whittaker, the attack was “botched,” and the worst thing that happened was that those affected in the attack temporarily lost their internet connection. The telecom has since issued a fix.
Not so surprisingly, the attack was executed using a slightly modified version of Mirai, which is the same malware that was leveraged in the attack against Dyn.
It’s Not Just Mirai We Need to Worry About
“Linux/IRCTelnet has the potential to wreak havoc.”
Mirai has shown on multiple occasions now that it has the potential to cause serious problems for businesses, but the only thing worse than one Mirai, is two.
According to Ars Technica’s security editor, Dan Goodin, Linux/IRCTelnet is a “new, more powerful IoT botnet,” and it managed to infect 3,500 devices in three days. The new threat borrows source code extensively from Aidra, a much older IoT bot package, and several others like it.
“Linux/IRCTelnet also borrows telnet-scanning logic from a newer IoT bot known as Bashlight,” Goodin wrote. “It further lifts a list of some 60 widely used username-password combinations built into Mirai.”
Additionally, IRCTelnet features code that can attack sites using a next-generation internet protocol called IPv6. In so many words, Linux/IRCTelnet has the potential to wreak havoc – unless of course, users start authenticating their devices.
The only reason IoT botnets can take control of so many devices is because it has access to their login credentials. Change your passwords, and you do the entire internet community a big favor. It’s only a matter of time now before someone figures out how to make a persistent IoT attack (devices are still infected even after a restart). But don’t wait for the worst-case scenario before taking action. Change your device passwords today.
Learn how Faronics Deep Freeze can help out in such situations. Contact us today.