Hot on the heels of several large websites and services being taken offline by a DDoS (Distributed Denial of Service) attack from an IoT device botnet last month, a second attack took heating systems offline in at least two properties in the city of Lappeenranta, Finland.
While the attack last month was frustrating to users attempting to access the affected sites and services, there was no danger to life. In a location as cold as Finland – where temperatures at this time of year are below freezing – taking heating offline could result in death, particularly among elderly residents.
There have been no verified casualties as the result of an IoT-based attack yet, but at this stage it seems to be just a matter of time. The potential anonymity of acting through a computer, combined with the impersonal nature of such attacks that allows detachment from any damage caused, is a recipe for disaster.
Access to computers and the internet also opens up the possibility of more people and groups taking advantage, from individuals and groups to state hackers and terrorist organisations looking to cause harm or disruption.
Heating in the Finnish properties was disrupted from late October to 3rd November. The affected systems attempted to respond by rebooting the main control circuit, but this was repeated over and over, so the heating was never working.
The company that manages the buildings' operation and maintenance, Valtia, said the systems that controlled the central heating and warm water circulation were disabled. A fix was put in place by limiting network traffic.
In the attack on Dyn DNS last month, the following sites and services were taken offline:
The last site, CNN, is particularly notable for being among the largest media networks in the US. The claimants of the Dyn hack, New World Hackers, specifically targeted UK news giant BBC in their last hack. According to New World Hackers – and corroborated by Dyn – their hack was made possible through a botnet consisting of more than 100,000 insecure IoT devices.
IoT devices, on average, get hacked within six minutes of going online due to users who do not change their default passwords. This is creating a large army of devices which can act on behalf of even a small number of hackers to cause significant disruption and damage.
With the growing number of households with an IoT-based device, hacktivists can take control of the IoT devices in order to flood sites and services with traffic and bring them offline more easily than ever before.