‘Mirai’ Botnet still affecting IoT devices

Next story

Botnet ‘Mirai’ is still causing the domino effect as Internet of Things brands are having to re-evaluate the security of products.

Internet of Things (IoT) have blasted onto the scene, despite being talked about since the late 80’s, with 2016 we’re seeing everything from Smart Fridges to Smart energy systems.

However, with any new innovative inventions or developments there are usually teething problems. October saw possibly the biggest DDoS attack that brought down the majority of major websites.

The internet’s domain name system (DNS) infrastructure, Dyn, was targeted, and thus websites such as Twitter, Netflix, and Reddit were brought to a grinding halt.

The botnet ‘Mirai’ was behind this mass DDoS attack, and as a result Chinese electronics firm Xiongmai is initiating a product recall, as many of the targeted IoT devices were webcams and digital recorders made by Xiongmai.

The recall is due to recent research exposing basic security errors within the products, such as not requiring a password for connections made over the internet.

Mark James, ESET IT Security Specialist , looks at Xiongmai and other IoT brands and how they can prevent future botnet attacks.

“I don’t think Xiongmai can be held liable for this attack, but they obviously recognise a concern here, and are making good steps in the right direction by recalling products that may have been affected.

“Hopefully other manufacturers will follow suit and take a look at what they can do to increase security of their own products. It seems these days that security takes a back seat, and low cost affordable mass consumer use seems to be the preferred option. This has to change if we want a safer environment for our digital presence .

“One of the biggest problems with IoT is its lack of security. The race is currently on to get customers involved with your product, and that divider between usability and security is hard to get right at the early adoption stage. People like easy, and sadly the average user will very often choose ease over security; if offered cheaper or safer will often choose cheaper every time.

Manufacturers have to design security into their products from day one, and it has to stop being an afterthought or sadly in some cases no thought. As our digital presence expands we need to accept security is everyone’s responsibility, if we stop buying insecure products and force the manufacturers to make better and safer products, things will have to change.

“A lot of IoT products already in use should be able to upgrade through firmware. In some cases, minor changes may make them more secure, but in most cases it’s getting those updates out to the public. A lot of IoT devices are purchased, configured, installed and forgotten about, and the idea of checking for updates on those devices is alien to most users.

Did you notice the outage in October? Let us know on Twitter @ESETUK

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.