NEWS ROUNDTABE: Mirai attack on German routers denotes dawn of IoT botnet attacks

By Byron V. Acohido

The latest signal that we are experiencing the early stages of the weaponization of the Internet of Things unfolded last month in Europe, drawing scant attention here in the United States.

On Nov. 28, an attacker managed to infect nearly 1 million home routers used to access Deutsche Telekom’s internet service, disrupting web access for some 5 percent of the customers of Germany’s largest telecom company.

The malware the attacker used was from the “Mirai” family of hacking code. Security researchers only recently discovered Mirai circulating in the internet wilds. Mirai is distinctive in that it is designed specifically to locate IoT devices and then execute a self-spreading routine. Mirai’s core purpose is to rapidly put tens of thousands of infected devices under the control of one attacker.

Related video: As Internet of Things expand, so do risks

That attack on Deutsche Telekom was the second major Mirai-fueled disruption in less than a month. On Friday, Oct. 21, someone used a variant of Mirai to take control of hundreds of thousands of webcams, digital video recorders and home routers, then directed those devices to bombard domain name provider, Dyn, with nuisance requests, clogging up Dyn’s systems and causing it to crash.

That classic denial-of-service (DDoS) attack against Dyn stood out because infected IoT devices were used to inundate the company with a record 1.2 terabytes per second of nuisance signals, twice the volume of any previously monitored DDoS attack. And since Dyn routes traffic to Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit and PayPal, those popular websites were offline for some 12 hours, frustrating millions.

Clearly, consumers and companies ought to brace themselves for accelerated use of infected IoT devices to carry out all manner of malicious activity in 2017. ThirdCertainty convened a panel of experts to put the latest such attack into a wider context. Here’s what they had to say:

Cesare Garlati, chief security strategist, prpl Foundation: It’s not surprising that this happened to Deutsche Telekom. Most home gateways are insecure. The problem was that the manufacturer updated its box from previous versions and left a service normally reserved for carrier use wide open to the internet.

Luckily, Deutsche Telekom was able to patch the issue, exactly the right thing to do. In the future, I hope we see carriers considering manufacturers with higher security standards, such as those outlined in our Security Guidance for Critical Areas of Embedded Computing document. And tips to make it more difficult for attackers to target IoT devices in the home can be found in our Smart Home Security Report.

Jonathan Sander, vice president of product strategy, Lieberman Software: Security pros have warned about millions of insecure home routers for years. What has changed is the arrival of the Mirai exploit targeting these routers and other IoT devices. Mirai is to IoT attacks what the assembly line was to the industrial revolution. We should expect to see bad guys manufacturing attack after attack with it.

In the Deutsche Telekom case, the attacker may have set up Mirai incorrectly. But not every attacker will get Mirai wrong and save the day for them. And those years of unheeded warnings about the poor security of IoT means most vendors are way behind the problem.

The good news is the solutions aren’t hard to figure out. They must automate the software updates to the devices, provide a means to set better defaults and manage the device passwords. But the scale and complexity for those solutions may make it costly. Companies face the classic choice about spending on good security. It’s hard to sell the benefit of something people don’t notice, even if the risk is something that they will notice when it causes them a lot of pain.

Rod Schultz, vice president of product, Rubicon Labs: With this attack and with Mirai you are beginning to see the dangers with ‘break once, break everywhere’ technology. You have an ecosystem of routers that are hosted by Deutsche Telekom that have little digital diversity—same hardware, same software. An exploit on one router works on all routers, so there is a cascading effect that brings down the network.

Management of devices is simpler when they are all the same, but that simplification also can be leveraged by attackers to compromise the system. To be clear, this is not a simple problem to fix, and that security challenge is going to be exploited by attackers for many years to come.

Brad Bussie, director of product management, STEALTHbits Technologies: The Internet of Things will pose the biggest security threat in 2017. IoT devices were not created with ‘security first’ and will represent significant targets for nation states as well as criminal hackers due to known and emerging vulnerabilities.


(Editor’s note: Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone