Webcams used to mount a DDOS attack

In an interesting report highlighting the new dimensions of Cyber threats that may arise from IoT (Internet of Things)  devices, BBC reported (Refer article here) that a webhosting company OVH suffered a DDOS attack from an army of Webcams acting as Zombies remotely controlled by the attacker. This is reported to be perhaps the largest DDOS attack with more than one terrabit of data being fired at the server to bring it down.

The attack was mounted by around 145000 web cams acting as a botnet and indicates how the large number of devices capable of being connected to a server and sending data could be misused by the hackers to redirect the data towards a single server and cause the server to be brought down.

According to security experts such attacks could be easily executed using tools available on the net with minimal amount of skills required.

With more and more devices under IoT getting connected through internet, there is an urgent need to ensure that enough security is built into the device to prevent this sort of hacking. This also means that professionals who install such devices as smart Webcams or other smart devices should have a reasonable knowledge of information security and configure the devices with suitable information security controls.

Some of these controls need to be enabled at the time of manufacturing of the PLCs (Programmable Logic Controllers) that may drive such devices and the quality certifications of such devices should include their security evaluations.

India is dreaming of Smart Cities, smart Trains and various other devices where off the shelf devices are likely to be used with default security configurations which create the security vulnerabilities that can be exploited.

Hopefully the corporate security professionals will wake up to this new type of emerging threat which use “Physical Security Devices” and create “Cyber Security Issues”.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.