Ransomware is spreading rapidly across the Internet, and it is targeting not only traditional networks but also the IoT, or Internet of Things, environment. The Internet of Things is the name of the massive, amorphous network of interconnected “smart” devices found in everything from fridges, microwaves, watches and CCTV cameras to children’s toys and every other gadget imaginable that has come onto the market in recent years.
IoT devices range from well-known products such as Amazon’s Alexa, which uses voice recognition software and artificial intelligence powered by the cloud, to more obscure devices manufactured in bulk in Shenzhen, China with bog standard security. The proliferation of IoT devices poses a challenge to the cybersecurity industry because the “attack surface area” of any network increases exponentially due to these gadgets with microchips and unique IP addresses lying about the home or office.
Oftentimes, these IoT devices are pushed onto the market and languish in people’s homes without a single security patch being rolled out, which leaves them particularly vulnerable, especially to tools such as Mirai, which scours the web looking for IoT devices that still have their factory settings and default username and password. Mirai then takes over the IoT device, creating a botnet of IoT devices that can be commanded remotely and used to launch Distributed Denial of Service attacks across the web. The renowned technologist Christopher Krebs noted:
At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in the record 620 Gbps attack on my site last month. At the end of September 2016, the hacker responsible for creating the Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.
Krebs believes the way to fix the issue is as follows:
As I noted in The Democratization of Censorship, to address the threat from the mass-proliferation of hardware devices such as Internet routers, DVRs and IP cameras that ship with default-insecure settings, we probably need an industry security association, with published standards that all members adhere to and are audited against periodically. Until then, these insecure IoT devices are going to stick around like a bad rash — unless and until there is a major, global effort to recall and remove vulnerable systems from the Internet. In my humble opinion, this global cleanup effort should be funded mainly by the companies that are dumping these cheap, poorly-secured hardware devices onto the market in an apparent bid to own the market. Well, they should be made to own the cleanup efforts as well.
Devices infected with Mirai are instructed to scour the Internet for IoT devices protected by more than 60 default usernames and passwords. The entire list of those passwords — and my best approximation of which firms are responsible for producing those hardware devices — can be found at my story, Who Makes the IoT Things Under Attack.