Hacked IoT devices behind largest DDoS attack to date
An army of hacked IoT devices was used to conduct the two largest DDoS attacks to date.
Security experts have warned time and again that hacked IoT devices could cause serious security damage. Now might be a good time for IoT device makers and IT departments to listen to them, as two recent, massive distributed denial of service (DDoS) attacks have just proven them right. On 22 September, the blog of security researcher Brian Krebs was taken down following a DDoS attack of 665 Gbps. On the same day, the servers of French internet service provider (ISP) OVH were targeted by a DDoS attack of over 1 Tbps, making it the largest known DDoS attack to date. The attack was conducted by a large botnet made up of nearly 150,000 compromised internet-connected closed-circuit television (CCTV) devices and digital video recorders (DVRs). Hacked IoT devices were also responsible for the DDoS attack against Brian Krebs’s site, according to Krebs.
It is not the first time hacked IoT devices have been involved in DDoS attacks. Earlier, in June, security experts at Sucuri reported they had discovered a botnet made up of more than 25,000 CCTV devices, used to launch DDoS attacks. Sucuri found then that the malicious botnet used IP addresses in more than 105 countries around the world.
The question now is whether these new, massive attacks will send a signal strong enough for the IoT industry to take security experts’ warnings more seriously.
Only days before the attacks against Krebs and OVH, Symantec had warned that IoT devices were increasingly used for DDoS attacks, pointing at weak built-in security and slack security routines as major weaknesses. According to Symantec, many IoT devices are installed and then forgotten, and their firmware is not necessarily updated. Additionally, default passwords are rarely changed. Based on IP addresses, a majority of IoT security attacks originated in China and the U.S. in 2016, according to Symantec.
Warning against MQTT
The Swedish national Computer Security Incident Response Team (CSIRT), CERT-SE, issued a warning against the use of the MQTT protocol, used for data transfer in IoT applications. According to CERT-SE, many MQTT servers (brokers) fail to use authentication, traffic encryption or message encryption, making it possible for an attacker to access sensitive data and manipulate applications. CERT-SE’s warning follows a server scan conducted by security researcher Lucas Lundgren.
CERT-SE also warned about other protocols used in IoT, including OPC UA, HTTP (REST/JSON), CoAP, DDS and AMQP. Used for testing, many of these protocols are not secured once projects move into a production phase, according to CERT-SE.
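As an added example (not part of the original article or of CERT-SE's advisory), the following script audits a broker configuration for two of the gaps named in the MQTT warning: missing authentication and missing traffic encryption. It assumes a Mosquitto-style config file, a broker the article does not name; the sample configs and file paths are constructed, and message (payload) encryption is an application-level choice that a broker config cannot reveal.

```python
"""Audit a Mosquitto-style broker config for missing auth and missing TLS.

Assumption: Mosquitto option names; per_listener_settings is left at its
default (false), so allow_anonymous and password_file apply globally.
"""
PER_LISTENER = {"cafile", "certfile", "keyfile", "require_certificate"}

def parse(text):
    """Return (global_opts, listeners); each listener is a dict of options."""
    global_opts, listeners, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        value = rest[0].strip() if rest else ""
        if key == "listener":
            current = {"port": (value.split() or ["?"])[0]}
            listeners.append(current)
        elif current is not None and key in PER_LISTENER:
            current[key] = value
        else:
            global_opts[key] = value
    return global_opts, listeners

def audit(text):
    """Return a list of human-readable findings; an empty list means none."""
    opts, listeners = parse(text)
    findings = []
    anon = opts.get("allow_anonymous")
    if anon == "true":
        findings.append("anonymous clients allowed (allow_anonymous true)")
    elif anon is None:
        findings.append("allow_anonymous not set; default depends on broker version")
    client_certs = any(l.get("require_certificate") == "true" for l in listeners)
    if "password_file" not in opts and not client_certs:
        findings.append("no password_file and no client-certificate requirement")
    for l in listeners:
        if not l.keys() >= {"certfile", "keyfile"}:
            findings.append(f"listener {l['port']}: no TLS (certfile/keyfile missing)")
    return findings

# Constructed sample configs: a test-bench setup and its hardened counterpart.
WEAK = "listener 1883\nallow_anonymous true\n"
HARDENED = ("allow_anonymous false\npassword_file /etc/mosquitto/passwd\n"
            "listener 8883\ncafile /etc/mosquitto/ca.crt\n"
            "certfile /etc/mosquitto/server.crt\nkeyfile /etc/mosquitto/server.key\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```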
IIoT News Recap: SAP to invest $2.2 billion in IoT over next five years; Microsoft Azure to power Renault-Nissan’s future connected car services; Dell EMC strengthens OEM and IoT solutions division in Africa; Trimble launches LoRa-based IoT sensors for water monitoring
IoT: SAP to invest $2.2 billion in IoT over next five years
German software giant SAP announced plans to invest $2.2 billion (€2 billion) in IoT over the next five years. “With billions of connected devices, we now have the potential to reshape society, the economy and the environment,” said Bill McDermott, CEO of SAP. “SAP HANA is the data platform we knew would unlock the Internet of Things. Today SAP is making another bold investment to help our customers seize the benefits of live business. Only SAP empowers businesses to innovate from the core to the edges to the networks.” Among other things, SAP is introducing Industry 4.0 packages featuring IoT solutions to enable digital business strategies. SAP also plans to establish IoT Labs around the world to collaborate on Industry 4.0 and the IoT with customers, partners and startups.
Connected car: Microsoft Azure to power Renault-Nissan’s future connected car services
The Renault-Nissan Alliance and Microsoft have entered a global, multiyear agreement to develop next-generation connected services for cars powered by Microsoft Azure, Microsoft announced. Services will include advanced navigation, predictive maintenance and vehicle-centric services, remote monitoring of car features, external mobile experiences and over-the-air updates. “A car is becoming increasingly connected, intelligent and personal,” said Ogi Redzic, Renault-Nissan Alliance senior vice-president, Connected Vehicles and Mobility Services. “Partnering with Microsoft allows us to accelerate the development of the associated key technologies needed to enable scenarios our customers want and build all-new ones they haven’t even imagined. We aim to become the provider of connected mobility for everyone with one single global platform.”
IoT: Dell EMC strengthens OEM and IoT solutions division in Africa
In order to help original equipment makers (OEM) and Independent Software Vendor (ISV) customers deploy IoT solutions in Africa, Dell EMC is expanding its presence in the region, IT News Africa reports.
LPWAN: Trimble launches LoRa-based IoT sensors for water monitoring
Positioning and data specialist Trimble announced the launch of wireless, battery-powered Internet of Things (IoT) sensors for water monitoring applications. The new range of IoT sensors, the Telog 41 Series, uses LoRa Low-Power Wide Area Network (LPWAN) technology. “The IoT for water enables a step change in operational efficiency, compliance and sustainability for the water industry,” said Adrian Newcombe, business director of Trimble’s Telog solutions. “With the Telog 41 Series of IoT sensors, utilities now have the ability to monitor areas of their network that would have been cost prohibitive to reach in the past. And with the ability to wirelessly report data at resolutions down to five minute intervals, water managers have much deeper visibility into their operations. This is essential for enabling utilities to transform how they operate their distribution and collection networks.”