On Friday, October 21, 2016, the DNS provider Dyn was the victim of a DDoS attack. At the time, the source of the attack was not known. But over the weekend, it became clear that the massive bandwidth for the attack originated with a very large network of compromised Internet of Things devices.
Security researchers have warned for years that Internet-connected devices could be the next method that malicious actors use to carry out attacks on Internet sites, services, and now, part of the Internet infrastructure itself.
But, is this a cause for panic? Or to stop investing in smart home technologies? Not necessarily. But it is a wake-up call that security must be tightened on both existing and new home automation and connected "Internet of Things" (or just Internet-connected) devices.
Many devices that can connect to the Internet and to apps offer no way to update them, set a password or configure their settings. And many of these devices come from little-known vendors who may not be aware of the security implications of connecting, for example, web cams, DVRs and baby monitors to the Internet.
No specific brands or models of devices were implicated in the attack, but we'll update this information if there is any indication of particular IoT device specifics.
In general, to better protect your own devices and home network, it's best to follow good security practices:
-Secure your Wi-Fi network and the Internet router that acts as your "gateway" to your broadband connection. This is your first line of defense. Don't just change the network name and assume that will protect you.
-Perform a firmware update on any device that supports it. Devices that can't be updated but connect to the Internet should not be trusted. Use only devices from well-known manufacturers that have a good track record of device and security updates.
-Change passwords on your devices and online services every six months, and make them at least 12 characters long, including lower and uppercase letters, numbers and symbols.
Those are just a few ways to ensure your devices do not unwillingly participate in some sort of "botnet" in the future.