Tech Republic: Prevalence of disruptive DDoS attacks signifies need for higher IoT standards

In the article “Dyn DDoS attack: 5 takeaways on what we know and why it matters,” contributor Conner Forrest provides insight into the various elements at work behind the October 2016 cyber-attack that took several prominent web-based service providers offline. Without security measures in place, smart devices such as cameras and DVRs (part of the Internet of Things, or IoT) may be recruited into “botnets”: vast networks of infected machines communicating across the Internet. Once hacked, the compromised machines join forces with millions of others around the world to bombard web servers with so many requests that they become overwhelmed and stop responding, taking sites and services nearly or completely offline.

Here are some things you can do to keep your smart devices from becoming part of a botnet:

  • Change the default password. Many devices start up with an easy-to-remember password such as “admin”. Consult the user guide or contact technical support to change this to a more secure password.
  • Turn off, disconnect or power down any devices that don’t need to be connected for long periods of time (“always on”), including your computer, printer, or router.
  • Update and patch! Be sure to install all the latest firmware (software instructions for your hardware) updates and patches for all devices when you are notified.
  • Run anti-malware programs and keep them up to date, and make sure that all computers, smartphones and tablets are running protection programs and have the latest operating system updates.
  • Support the efforts of the Information Technology (IT) community and policy makers to demand more stringent cyber security standards from IoT manufacturers.

Experts are calling for an overhaul of security best practices in the IoT industry, including programming smart devices to require that startup passwords be changed before use and building in filtering of inbound traffic, and are calling on the government to institute security grade standards. The Dyn attack incorporated participation from tens of millions of locations worldwide, was highly sophisticated and quite disruptive. And, according to the author, this is only the beginning, for it is likely that this was merely a “practice” run.


