An unnamed university has reported a major distributed denial of service (DDoS) attack stemming from its own Internet of Things (IoT) devices. These are said to have included connected vending machines and light bulbs.
A report on the North American website HardOCP says that the hackers used brute force to access approximately 5,000 IoT devices on the campus and, bizarrely, says Jeremy Cowan, set them to query seafood-related domains.
This is not the first time hackers have used IoT devices for DDoS attacks. The release of the Mirai botnet source code last year led to the widely reported DynDNS attack in October. (Also see: Hacker releases source code of Mirai DDoS Trojan after targeting the IoT this weekend.)
Commenting on this as-yet-unconfirmed news, Stephen Gates, chief research intelligence analyst at NSFOCUS IB, says: “On the surface, this appears to be more of a prank than a sophisticated denial of service attack. However, proving that large-scale IoT takeovers are possible should be a wake-up call to those who manage networks rife with unsecured IoT devices. Municipal, industrial, commercial, and now educational infrastructures are becoming more and more vulnerable because organisations often carelessly deploy IoT without understanding the ramifications of weak IoT security.
“In this case, the damage appears to be limited and only inconvenienced users on a campus network,” Gates adds. “Do the same to a transportation system, a chemical plant, a hospital complex, an E911 system, or an ISP (internet service provider), and the damage could be much, much greater.”