You may have heard of today’s MASSIVE Distributed Denial of Service (DDoS) attacks, which knocked out access to some of the internet’s most heavily visited websites.  What you may not realize is that many of the devices in your home or office could be a part of this.

Recently, major security firms and even the U.S. Department of Homeland Security have been warning about the increasing threat of botnets attacking Internet of Things (IoT) devices…video cameras, printers, routers, smart TVs, and other connected gear.

The Mirai botnet malware is most likely powering these attacks.  With attacks originating from MILLIONS OF IP ADDRESSES, the worst fears regarding IoT botnets are being realized.  We should point out that this may be the largest, but it is certainly only the latest, of several major IoT botnet attacks.

Just weeks ago, Mirai’s author released the source code for the botnet.

So how could YOU be involved?  Well, the Mirai source code contains a list of 61 passwords that confirm a dangerous trend that we’ve seen in study after study:   The MAJORITY of IoT devices are using DEFAULT PASSWORDS!

These examples prove this:

USERNAME    PASSWORD
admin       admin
admin       password
guest       guest
user        user
admin       12345

You can see the full list here, where you’ll recognize most of them to be default settings.

IoT is a great concept.  While we’ve exposed some important vulnerabilities, we should also put this in perspective.  Like ANY other technology, it can be safe…but it can also be dangerous if not used responsibly.  You wouldn’t leave the keys in your car while parked in front of a bar.  It’s common sense to avoid doing so, but if you did, someone drunk could drive off in it and do terrible harm.

Yes, car theft and drunk driving are more serious issues, but the point is that if indeed millions of devices are launching these attacks…yours could be part of it!

Bottom line:  CHANGE THE PASSWORDS ON YOUR CONNECTED DEVICES!

For more information:

Major websites across East Coast knocked out in apparent DDoS attack
http://www.cnbc.com/2016/10/21/major-websites-across-east-coast-knocked-out-in-apparent-ddos-attack.html

Heightened DDoS Threat Posed by Mirai and Other Botnets
https://www.us-cert.gov/ncas/alerts/TA16-288A

Here are the 61 passwords that powered the Mirai IoT botnet
(Note:  This article is actually referring to what was previously the largest DDoS attack on record.  Today’s attack dwarfs the referenced Krebs attack in magnitude.)
http://www.csoonline.com/article/3126924/security/here-are-the-61-passwords-that-powered-the-mirai-iot-botnet.html

Are YOU part of the IoT botnet?