Plixer – Booth S443 – Smart Dust could be the next big cyber threat vector transforming into a massive botnet made up of microscopic Internet-connected devices.
Kennebunk, ME. – February 14, 2017 – The Internet of Things (IoT) is placing an unprecedented number of unsecured devices on the Internet every day that are being leveraged by hackers to steal data and to launch Denial of Service Attacks (DDoS). These devices are coming in the form of thermostats, refrigerators, pet feeders, cameras, healthcare devices, and more. Gartner estimates that by 2020, 50 billion connected “things” will be on the Internet.
Pushing the escalation of DDoS attacks is the release of the mirai code, which has opened the door for hackers to create their own code to access the vast varieties of IoT devices to be leveraged as bots designed to launch massive DDoS attacks. This trend is gaining momentum in the threat landscape as hackers experiment with the Mirai code to boost the impact of their DDoS attacks, as evidenced by the recent discovery of a record-setting 12.2-day DDoS attack.* What comes next is an exponential windfall for hackers with the introduction of Smart Dust.
Smart Dust is the term used to describe very small chips containing a system of tiny microelectromechanical systems (MEMS) such as sensors, robots, or other devices that can, for example, father and send sensory data such as temperature, vibration, GPS coordinates and more to an Internet host where the data can be stored and analyzed. These chips are microscopic, can be airborne, and will be able to run for years without external power.
Smart Dust will be manufactured inexpensively, making it possible to integrate into a variety of products including food or merchandise packaging as a means of tracking. Smart Dust embedded into a variety of disposable products will eventually end up in a landfill still connected and capable of communicating to the Internet via 6LoWPAN. With the longevity associated with these MEMS and the ability to run without external power, hackers will have unprecedented opportunity to access these unsecured MEMS that can be used to create massive distributed botnets.
Without a definitive end-of-life process, these objects could stay connected to the Internet for years. Ownership and responsibility guidelines need to be hammered out to govern these next generation sensors. The significant ramifications of not decommissioning Smart Dust properly has the potential to result in an Internet of Zombies.
For additional information on Smart Dust, see https://www.plixer.com/blog/denial-of-service-attack/mirai-ddos-botnet-powers-control/
For more resources, see www.plixer.com
Plixer is a leader in delivering massively scalable flow collection with behavior and traffic-pattern monitoring, enabling organizations to rapidly identify threats and provide surgical incident response. By collecting flow data from existing network and security systems and offering the industry’s fastest and most comprehensive reporting, Plixer customers gain deep visibility and context, vastly reducing time to resolution. DVR-like replay, via a graphical display, delivers granular forensic details corresponding to events. Plixer provides the data you need, when you need most. Learn more at plixer.com, stay connected with the Plixer blog, and follow us @Plixer.