Little updated and with many vulnerabilities, Internet of Things devices are increasingly used by hackers to target users
If the number of cyber attacks has increased exponentially, the reason is due to the massive spread of many devices. And especially to their fragility, in terms of cyber security. Among the most vulnerable are, in particular, the Internet of Things objects.
The reason is quite simple. Although no machine, able to connect to the network, can define itself completely immune to hackers, IoT devices are extremely weak. And, therefore, they are easy targets for hackers, able to discover flaws in their operating systems. Unfortunately, the risks are very high and the consequences, in some cases, can be disastrous. The objects of the Internet of Things, devices that are always connected, have entered our homes on a permanent basis. Let's think, for example, to IP surveillance cameras, often compromised by hackers. If hacked, these devices can deliver a part of our lives into the hands of cybercriminals.
The always-connected objects are also used in industry. Sabotage of a machine, for example, can result in physical harm to workers. Often, hackers compromise Internet of Things devices not only to illicitly appropriate victims' personal data. The hacked objects, in fact, are turned into botnets, zombie computers used by hackers to launch large-scale attacks. And without the users themselves knowing anything about it. In short, IoT objects are still very insecure. Here are some of the most sensational hacker attacks.
One of the most dangerous hacker attacks, also because of the extremely sensitive target, is Stuxnet. Hackers between 2010 and 2014 hit Iranian nuclear power plants. In particular, the virus targeted the Natanz plant. The goal of the hackers was to hit the turbines of the nuclear facility, sending it to collapse. The malware attacked the turbine control system (PLC), which was connected to Windows machines. Not exactly, then, an IoT object. The example, however, serves to demonstrate how fearsome can be the violations against corporate machines, which are more and more connected.
The virus that makes you stay cold
As it is known, the temperature in Finland is quite rigid and in November 2016 the tenants of two buildings in the city Lappeenranta risked, because of hackers, to literally die from the cold. The hackers launched a DDoS attack, an acronym for Distributed Denial of Service, which affected the heating system of the buildings, preventing it from starting properly.
The Mirai botnet
Another attack that demonstrates the fragility of the security of IoT objects is Mirai, a botnet that in October 2016 launched a DDoS attack, sending servers halfway around the world into a tailspin. Netflix Twitter, Spotify, SoundCloud, Github, Airbnb, Reddit, Heroku and Shopify were affected, to name a few. The hackers created the Zombie Computer Network, which was used to knock out the servers of web and internet service provider Dyn DNS for these companies, by exploiting vulnerabilities in some Linux IoT objects.
Brickerbot's modus operandi is very similar to Mirai. The only difference is that the compromise not only knocks out, through always launching a DDoS attack, the always connected device, but destroys it. Hackers take over the IoT devices of users who haven't changed their default credentials. Brickerbot is especially dangerous for companies, which are then forced to shell out money - and lots of it - to buy the affected machines again.
Servers at a university attacked
According to Verizon Enterprise Solutions, hackers managed to hit more than 5,000 IoT devices at a university, whose name is not known, however. In fact, the university's IT team, after receiving complaints about slow internet, discovered that the university's servers had been targeted by a dense botnet.