How has the security of the Internet of Things evolved in recent years? TechBeacon last visited the topic in 2017 and found the picture to be troubling at best. Now, for the first time since 2014, OWASP has updated its own Top Ten list of IoT Vulnerabilities. While the present state of IoT security remains poor, a reading of the draft reveals some shifts in thinking about how to shore up IoT devices’ spotty security. For example, “weak, guessable, or hardcoded passwords” now top the list, replacing insecure web interfaces, which drop to No. 3. Insecure networks also rank higher, moving up a spot to second on the list.
By targeting internet of things (IoT) devices using default passwords, the botnet has grown large enough to launch a 400 gigabits per second (Gbps) attack without any form of amplification.
The attackers simply used the cumulative bandwidth available to the IoT devices they had infected with the LizardStresser malware.
The malware was created by the Lizard Squad DDoS group, which published its source code in early 2015, enabling other aspiring DDoS attackers to build their own botnets.