Your toaster, your lamp, and your washing machine all have, or will soon have, something in common: they are connected to the Internet as part of what is commonly referred to as the Internet of Things (IoT). These connected devices hold great promise to add convenience to our lives... as long as they don’t become Frankensteins that begin attacking servers on the Internet. That is exactly what happened this week, when one of the most popular security bloggers received so much bogus data that his website was taken offline. Brian Krebs explained on Twitter how his site was hit with 665 Gbps of bogus traffic. This is equivalent to more than three copies of all of the information contained within Wikipedia being sent to his server every second. Yikes!
Where did all of this traffic come from? Many of the IoT devices on the market today have security vulnerabilities that allow an attacker to take over the device remotely and use it as they see fit. In this case, the attacker likely decided to tell all of the devices under his control (collectively called a botnet) to attack the same web server at the same time. Whoever is in control of this botnet has a potentially powerful tool that could cause damage all over the Internet.
What can you do to help prevent this type of attack? Install vendor software updates (i.e., patches) on all of your Internet-connected devices. Managing the home IoT device landscape from a security perspective just became a lot more important, and you can believe there will be more companies looking to help you ensure your toaster isn’t going rogue. In the meantime, patch away!