A university, mercifully left unnamed, blew off complaints from students about its slow network. When the problem became too bad to ignore, their IT team found the culprit thanks to a “sudden big interest in seafood-related domains.”
The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure. With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet. … botnet spread from device to device by brute forcing default and weak passwords. Once the password was known, the malware had full control of the device and would check in with command infrastructure for updates and change the device’s password – locking us out of the 5,000 systems.
The Internet of Hacked Things strikes again! I’m sure some content filtering and updating passwords will do the trick.