He points to the example of an attacker looking to test 100,000 stolen credit cards. Now, Miron says, attackers look beyond volumetric attacks to exploit the logic of applications themselves. Once enough devices were controlled, attackers could use them to go after one target at the same time, quickly overwhelming the organization.” “It was a very simple piece of code with a simple idea: Each device would go looking for additional devices to control. “Consider the Mirai botnet, an early example of a volumetric attack,” Miron says. While volumetric botnet attacks remain common, malicious actors are also becoming more sophisticated in their approach. READ MORE: IoT and analytics aids disaster preparedness and response. “Even if attacks don’t impact government’s ability to perform key functions, they can impact public perception and reduce public confidence.” “Government organizations are often responsible for critical infrastructure, and agencies may hold a lot of data,” Miron says. For state and local agencies, however, the occurrence of the attack itself can be damaging, even if data isn’t compromised. IoT botnet DDoS attacks are often used as distractions that hide hacker efforts to compromise networks and install malware payloads capable of capturing and exfiltrating data, Miron says. If agencies don’t have the right security infrastructure in place, these bots can bring down entire networks. The most common attack vectors for IoT botnets are DDoS attacks, which see agencies inundated by thousands of access, function or data requests from controlled devices simultaneously. While IoT devices are limited in their computational ability, even an AC unit now has a powerful processor that lets it perform some computation.”Īn attacker marshals these compromised devices to attack a target, such as a state or local government network. I imagine an army of toasters and air conditioners, and this isn’t far from the truth. “Attackers can take control of tens or hundreds of thousands of devices and use them to do their bidding. “This could be anything you install in your home, or sensors in your business,” he says. According to Nitzan Miron, vice president of product management for application security at Barracuda, an IoT botnet begins when an attacker compromises a connected device.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |