Following the news that hackers used IoT devices to conduct the largest DDoS attack in history on the French hosting company OVH, here is a comment from Lee Munson, security researcher for Comparitech.com:
“The recent OVH DDoS attack has highlighted two key security issues, neither of which looks like being addressed any time soon.
The first is the number and scale of DDoS attacks that have been taking place recently.
Gone are the days when a few script kiddies would shackle a few computers together to flood an individual’s blog into an overloaded pocketful of submission – nowadays it’s all about huge botnets and corresponding services that can be hired by the hour, by bandwidth or based on results.
Secondly, it is all about the Internet of Things, that marvellous evolution of network-enabled household items that promise oodles of goodness to homeowners while, years on from its inception, still concerns those of us in the security industry who have long warned of manufacturers who consider the risks too late in the development cycle, or not at all.
Until governments regulate IoT devices, or manufacturers at least consider more than the bottom line, cameras, fridges and toasters around the world will continue to offer themselves up as willing slaves to botnet command and control centres, waiting to be unleashed on Krebs on Security or any other website that a bad actor wants to take down.”