Internet attacks bigger, nastier
Household devices are the latest tools being deployed as online attacks escalate.
NEW YORK — Could millions of connected cameras, thermostats and kids’ toys bring the internet to its knees? It’s beginning to look that way.
On Friday, epic cyberattacks crippled a major internet firm, repeatedly disrupting the availability of popular websites across the United States. The hacker group claiming responsibility says that the day’s antics were just a dry run and that it has its sights set on a much bigger target. And the attackers now have a secret weapon in the increasing array of internet-enabled household devices they can subvert and use to wreak havoc. DDoS attack perpetrated during the second quarter of this year peaked at just 256 billion bits per second.
A huge September attack that shut down of security journalist Brian Krebs’ website clocked in at 620 billion bits per second. Research from the cybersecurity firm Flashpoint said Friday that the same kind of malware was used in the attacks against both Krebs and Dyn.
Lance Cottrell, chief scientist for the cybersecurity firm Ntrepid, said while DDoS attacks have been used for years, they’ve become very popular in recent months, thanks to the proliferation of “internet of things” devices ranging from connected thermostats to security cameras and smart TVs. Many of those devices feature little in the way of security, making them easy targets for hackers.
The power of this kind of cyberattack is limited by the number of devices an attacker can connect to. Just a few years ago, most attackers were limited to infecting and recruiting “zombie” home PCs. But the popularity of new internet-connected gadgets has vastly increased the pool of potential devices they can weaponize. The average North American home contains 13 internet-connected devices, according to the research firm IHS Markit.
Since the attacks usually don’t harm the consumer electronics companies that build the devices, or the consumers that unwittingly use them, companies have little incentive to boost security, Cottrell said.