Symantec is raising the alarm about the lack of security for the emerging Internet of Things. In a new blog post, the company specifically looks at DDoS (distributed denial of service) attacks, which can cripple an online target by flooding it with bogus traffic.
Citing traffic to a ‘honeypot’ that it created, Symantec says that the majority of such attacks come from IP addresses in China, at 34 percent, while Russia comes in second at 9 percent. The company also found that weak passwords can be a big part of the problem, with IoT malware most commonly using default codes like “admin” and “root” to log into IoT devices; other popular passwords were “123456”, “password”, and “qwerty”.
Symantec also asserts that “2015 was a record year for IoT attacks,” and while it doesn’t cite any hard data for this, its blog does offer a detailed breakdown of new “malware families”. And given the continued growth and expansion of the IoT, it does make sense that such attacks would have been markedly higher last year, and could increase further this year.
Symantec has previously proven to be a vocal critic of increasingly archaic password-based security systems, and it isn’t alone among digital security companies expressing concern about the IoT. Even the US Justice Department has launched a new agency tasked with investigating the potentially serious homeland security implications of IoT hacks, so there’s good reason for users and organizations to stay vigilant about protecting their increasingly connected devices and the data running between them.