
IoT Botnet Attacks Own Network


This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

Security researchers have reported that a US based university suffered a DDoS attack from its own network of Internet of Things (IoT) devices which had been infected with malware.

Threat details

The attack caused widespread connectivity issues for many students. The devices responsible for the surge in traffic included vending machines and campus lampposts, among other devices.

The root cause was an external threat: malware that reached the campus from outside. However, the network configuration allowed the malware to spread to and infect over five thousand IoT devices belonging to the university.

The malware took control of each device by brute forcing its administrator credentials. It then changed the password, locking the university out of its own device and preventing it from being shut down.

The affected devices were then used to carry out DNS lookups every fifteen minutes. With more than five thousand devices doing this in unison, the network suffered widespread performance issues throughout the campus.

This highlights how certain devices, especially IoT devices, can be overlooked during a security assessment, and how such devices can be turned to malicious purposes.


Remediation steps

  • Review all IoT devices within the organisation and look to host them on a separate network segment from which they have no access to other devices. Consider whether they need access to the internet at all.
  • Ensure that every device's default password has been changed and that a strong password is used: a mix of numbers, lowercase and uppercase letters and symbols such as ! # *. Do not use the same password on multiple devices.
  • Carry out regular event and log monitoring to identify unexpected or unusual behaviour, such as many devices making the same outbound requests on a fixed schedule.
  • Ensure that all IoT devices are included as part of an annual risk assessment.
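
The beaconing behaviour described under Threat details (thousands of devices each issuing a DNS lookup every fifteen minutes) is exactly the kind of pattern the log monitoring step above can catch. The following is an added example and is not code from the original alert: a small Python script that parses a constructed resolver query log, flags clients whose lookups recur at a fixed interval, and raises an alert when several devices beacon in step. The log format, the client addresses, the queried names and the thresholds are all assumptions made for the demonstration; adapt parse_log() to your resolver's real query-log format and size the thresholds to your estate.

```python
"""Spot the beaconing pattern from the alert: many devices each issuing a DNS
lookup at a fixed interval (about every fifteen minutes).

Added example, not code from the original NHS Digital alert. The log format,
client addresses, queried names and thresholds are constructed for this
demonstration; adapt parse_log() to your resolver's real query-log format.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed resolver query log. Three IoT hosts (10.20.1.x) look up the same
# name every fifteen minutes; one workstation (10.20.5.40) queries irregularly.
SAMPLE_LOG = """\
2017-02-10T08:00:02 query lookup.example from 10.20.1.11
2017-02-10T08:00:03 query lookup.example from 10.20.1.12
2017-02-10T08:00:05 query lookup.example from 10.20.1.13
2017-02-10T08:03:10 query intranet.example from 10.20.5.40
2017-02-10T08:04:55 query mail.example from 10.20.5.40
2017-02-10T08:15:01 query lookup.example from 10.20.1.11
2017-02-10T08:15:04 query lookup.example from 10.20.1.12
2017-02-10T08:15:06 query lookup.example from 10.20.1.13
2017-02-10T08:21:30 query intranet.example from 10.20.5.40
2017-02-10T08:22:01 query cdn.example from 10.20.5.40
2017-02-10T08:30:02 query lookup.example from 10.20.1.11
2017-02-10T08:30:03 query lookup.example from 10.20.1.12
2017-02-10T08:30:07 query lookup.example from 10.20.1.13
2017-02-10T08:45:03 query lookup.example from 10.20.1.11
2017-02-10T08:45:02 query lookup.example from 10.20.1.12
2017-02-10T08:45:05 query lookup.example from 10.20.1.13
2017-02-10T08:50:12 query mail.example from 10.20.5.40
2017-02-10T09:00:01 query lookup.example from 10.20.1.11
2017-02-10T09:00:04 query lookup.example from 10.20.1.12
2017-02-10T09:00:06 query lookup.example from 10.20.1.13
"""

# Assumed record shape: "<ISO timestamp> query <name> from <client ip>"
LINE_RE = re.compile(r"^(\S+) query (\S+) from (\S+)$")


def parse_log(text):
    """Group query timestamps by client address: {ip: [datetime, ...]}."""
    per_client = defaultdict(list)
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not a query record; ignore
        stamp, _name, client = match.groups()
        per_client[client].append(datetime.fromisoformat(stamp))
    return dict(per_client)


def is_beaconing(timestamps, period=timedelta(minutes=15),
                 tolerance=timedelta(seconds=30), min_events=4, min_ratio=0.8):
    """True when most gaps between consecutive lookups are about one period.

    A ratio rather than an exact match tolerates a little jitter or a single
    missed lookup, which is what real beaconing looks like in practice.
    """
    if len(timestamps) < min_events:
        return False
    ordered = sorted(timestamps)
    gaps = [later - earlier for earlier, later in zip(ordered, ordered[1:])]
    regular = sum(1 for gap in gaps if abs(gap - period) <= tolerance)
    return regular / len(gaps) >= min_ratio


def find_beaconing_clients(per_client, **thresholds):
    """Addresses whose lookup timing matches the beacon pattern, sorted."""
    return sorted(ip for ip, stamps in per_client.items()
                  if is_beaconing(stamps, **thresholds))


def assess(text, herd_threshold=3):
    """Parse a log and report beaconing hosts; flag a herd if many align.

    herd_threshold is an assumed figure for this demo; in the incident above
    the figure was in the thousands.
    """
    clients = parse_log(text)
    beacons = find_beaconing_clients(clients)
    return {
        "clients_seen": len(clients),
        "beaconing": beacons,
        "herd_alert": len(beacons) >= herd_threshold,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```

Running the script on the constructed log reports the three IoT addresses as beaconing and leaves the workstation alone, because its lookup gaps do not cluster around the fifteen-minute period. The same logic, fed from a real resolver or firewall log, gives an early warning of exactly the lockstep behaviour that degraded the campus network in the incident described above.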

Last edited: 17 February 2020 11:32 am