Saturday, October 22, 2016

Bulletin: The US East Coast cyberattack that brought down large company servers - how you may have facilitated the attacker

There was a very large "unprecedented" Denial of Service attack on special computers on Friday that brought down entire company web sites, such as Amazon.  (Did you try using Amazon on Friday, 10/22 in the afternoon?) The details on what is known, as well as a refresher in jargon, can be found at:  https://www.wired.com/2016/10/internet-outage-ddos-dns-dyn/?mbid=nl_102116_p3&CNDID=29643548

How was this attack executed?  Hundreds of thousands of devices, including cameras, DVRs, and routers, were infected by a class of malicious software called Mirai.  The infection may have been partly your fault!  Your camera, your DVR, your router may be infected. A command was sent to all infected devices and they started sending requests to the special computers, overwhelming them.  If you did not change your device's default user id and password, then your device was a target.  For example, if you have a camera or router, it has a user id and password that have to be entered in order to configure it.  If you left those two important security features at the default values provided by the manufacturer, then Mirai will detect that, log on to your device, and turn it into a "bot".

How do you fix the problem?  First, you have to reboot the device.  Second, and immediately after rebooting, you have to change the default values to ones that are "yours" and of the same level of sophistication as demanded for logging on to your financial institution.  Also, if you have software in the cloud for remotely managing your device, you have to change the logon values in that program to match your new ones; if you have network-oriented programs, same thing.
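To check your own devices against the advice above, here is an added example (not part of the original post) that audits a device inventory for factory-default logins, short or reused passwords, and a management app that was not updated after a password change. The inventory format, the default-login list, and the 12-character threshold are assumptions made for illustration; all sample values are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample of factory-default logins (illustrative only; this is
# not the list used by Mirai). Extend it from your own devices' manuals.
FACTORY_DEFAULTS = {("admin", "admin"), ("admin", "password"),
                    ("root", "root"), ("admin", "1234")}

# Constructed inventory: one row per device you own. cloud_password is the
# password saved in the remote-management app, empty if there is none.
SAMPLE_INVENTORY = """device,username,password,cloud_password
hall-camera,admin,admin,admin
dvr,root,Tr4il-Mix-Canyon-88!,Tr4il-Mix-Canyon-88!
router,admin,Kettle-Orbit-Plum-41,
patio-camera,owner,Tr4il-Mix-Canyon-88!,old-pass
"""

MIN_LENGTH = 12  # assumed policy threshold, adjust to taste


def audit(inventory_csv):
    """Return {device: [findings]} for every device with a problem."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    reuse = Counter(r["password"] for r in rows)
    report = {}
    for r in rows:
        user, pw, cloud = r["username"], r["password"], r["cloud_password"]
        findings = []
        # Compare case-insensitively so "Admin"/"ADMIN" still counts.
        if (user.lower(), pw.lower()) in FACTORY_DEFAULTS:
            findings.append("factory default login")
        if len(pw) < MIN_LENGTH:
            findings.append("password shorter than %d characters" % MIN_LENGTH)
        if reuse[pw] > 1:
            findings.append("password reused on another device")
        if cloud and cloud != pw:
            findings.append("management app still holds a different password")
        if findings:
            report[r["device"]] = findings
    return report


if __name__ == "__main__":
    for device, findings in audit(SAMPLE_INVENTORY).items():
        print(device + ": " + "; ".join(findings))
```

Keep a real inventory in a password manager rather than a plain file; the embedded CSV is only there so the example runs as-is.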

This kind of problem, keeping default userids and passwords, is the same approach taken by the computer industry that started the whole virus/malware thing back in the 90's:  not taking security seriously and shortcutting quality coding practices.  Please be serious about the security of your devices.

A good, readable article on the Mirai malware can be found here:   https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
