Something fishy is going on in the Internet of Things (IoT).
One university—which shell remain unnamed—recently experienced a major IT hack, in which the attacker attempted to take down the institution's entire network with a tsunami of searches related to seafood.
To execute the attack, the hacker broke into the university's IoT network through its connected devices and then instructed those devices to make "hundreds of Domain Name Service (DNS) look-ups every 15 minutes, slowing the institution's entire network and restricting access to the majority of internet services," according to a case study of the attack in Verizon's Data Breach Digest 2017 preview.
Hacked IoT devices included lamps, vending machines, and other items, the report explains. According to Verizon Enterprise, the IoT is "a term that describes a network of physical objects connected to the internet. These may be discrete items like light bulbs or larger systems like building automation solutions. Embedded in each device are electronics capable of network connectivity along with sensors or other features."
Security breaches happen. Make sure your campus is prepared
So why use IoT to take down a network?
The Data Breach Digest identifies two main weaknesses that made this strategy appealing to hackers. First, the devices had weak passwords. In fact, the majority of them still had default credentials they'd come with. The need to set a network password on a refrigerator is less obvious than it is on a laptop, says Laurance Dine, managing principal of investigative response at Verizon.
Secondly, the IoT at the targeted institution was using the same network as the rest of the IT infrastructure—making it possible to take down the whole network by way of the IoT.
Identify your networks' vulnerabilities to prevent future hacks
ZDNet's Danny Palmer suggests, "one way organizations can attempt to avoid falling victim to this sort of attack is by ensuring that IoT devices are on a completely different network to the rest of the IT estate."
Taking precautions with IoT networks will only grow more important because, as Dine explains, this threat isn't going away any time soon.
"There's going to be endless amounts of technology out there that the people are going to easily be able to get access to... [it's] going to be a big problem until we figure out how to create diversions," he predicts (Palmer, ZDNet, 2/10; Ravipati, Campus Technology, 2/13; Verizon Enterprise Data Breach Digest, January 2017).
Drive phishing awareness to keep campus community members from falling for the bait
Next in Today's Briefing
Can't get a word out? Here's how to handle interrupting colleagues, according to an expert.