Whenever someone wonders why a strong password is so important, there’s one thing you can remind them of: Dyn. Ring any bells? Here’s a quick refresher: last fall, a good deal of the east coast was taken offline because of an attack on Dyn, a major service provider for big-name websites. That attack occurred because of two reasons: default passwords and Mirai malware, which infected IoT devices that still used these factory-set passwords to create an army of botnets.
Low and behold, that army took down Dyn and created the highest volume of DDoS traffic ever recorded in the process. That, in turn, rendered popular websites like Netflix, Twitter, Spotify, and PayPal, to name a few, dormant. Although this was last fall, remember that the Mirai code is out in the open, which means it’s a threat that’s may be even more relevant today than it was before.
With the rise in popularity of the Internet of Things, we’re using connected devices now more than ever—they’ve just become part of our lifestyle. More specifically, part of our homes.
So how exactly could Mirai capitalize on the connected home? Mirai takes advantage of the fact that consumers rarely change the default passwords set by the manufacturer on their connected devices. That means any device in a connected home that’s unsecured could potentially join the ranks of a botnet army. As consumers bring more and more devices into their homes, there’s just that many more soldiers Mirai can use for its next DDoS attack.
So, as we continue to bring more and more IoT devices into our homes, Mirai needs to remain top of mind as we think about how to stay safe while staying connected. Not to mention, McAfee Labs estimates that 2.5 million IoT devices have already been infected by Mirai by the end of 2016. So, to make sure your IoT devices aren’t enslaved next, here are a few tips to protect you and your family:
- Check a device’s track record. Before buying a connected device, see if it, or the company offering it, has had issues with being used for attacks. A quick web search will provide you with the research you need to know about the device’s security standards.
- Keep software up-to-date. This simple best practice often removes vulnerabilities, as providers usually place patches for bugs in each update, especially those recently discovered. So, make sure you install all updates as soon as they’re available.
- Change defaults and use strong passwords. Default and weak passwords pose the main threat to IoT devices. Practice good password habits, such as using long phrases, special characters, mixed cases, and digits so that your passwords are strong and difficult for cybercriminals to guess.
- Secure devices with a strong network. Connecting IoT devices to a secure Wi-Fi network will help create an extra layer of security for a connected home. Lock the router with a strong Wi-Fi password and other security protocols, such as WPA2. Additionally, consider a gateway with built in protection like McAfee Secure Home Platform, so that security starts at the heart of it all.
And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.