Submission + - University DDoSed by Its Own IoT Devices (bleepingcomputer.com)
An anonymous reader writes: An unnamed university has suffered a DDoS attack at the hand of its own IoT devices, according to a sneak preview of Verizon's upcoming yearly data breach report. The DDoS attack was caused by an unnamed IoT malware strain that connected to the university's smart devices, changed their default password, and then launched brute-force attacks to guess the admin credentials of nearby devices.
Investigators said that the hacked devices would then start an abnormally high level of DNS lookups that flooded the university's DNS server, which in turn resulted in the server dropping many DNS requests, including legitimate student traffic. The university's IT team said that many of these rogue DNS requests were related to seafood-related domains. The university said that over 5,000 smart devices had been taken over during this incident. Investigators regained access over hijacked devices after they took the university's network offline and used a script to capture the new admin password, and then rewrite it with their own.
Investigators said that the hacked devices would then start an abnormally high level of DNS lookups that flooded the university's DNS server, which in turn resulted in the server dropping many DNS requests, including legitimate student traffic. The university's IT team said that many of these rogue DNS requests were related to seafood-related domains. The university said that over 5,000 smart devices had been taken over during this incident. Investigators regained access over hijacked devices after they took the university's network offline and used a script to capture the new admin password, and then rewrite it with their own.
University DDoSed by Its Own IoT Devices More Login
University DDoSed by Its Own IoT Devices
Slashdot Top Deals