Earlier this month, a cybercriminal published the source code of a malware (known as Mirai) used to operate the Internet of Things (IoT) botnet that caused the largest ever DDoS attack, against KrebsOnSecurity. Researchers have investigated Mirai and discovered that the botnet made of Mirai-infected devices has reached over 160 countries (164 countries according to Imperva, and 177 countries according to MalwareTech). Mirai effectiveness and quick spread is due to the fact that it targets IoT devices that are easy to hack, as Motherboard notes. Experts believe that the hackers have released of the code in order to make it harder for security companies to attribute the attack to a particular person or a group, since many would have the code. This release could, however, enable many less skillful hackers to compile own botnets and conduct strong DDoS or other types of attacks using various connected devices.
The Internet of Things (IoT) includes a wide range of Internet-connected devices, from highly digitalised cars, home appliances (e.g. fridges), and smart watches, to digitalised clothes that can monitor health. IoT devices are often connected in wide-systems, typically described as 'smart houses' or 'smart cities'.
Cybersecurity is among the main concerns of governments, Internet users, technical and business communities. Cyberthreats and cyberattacks are on the increase, and so is the extent of the financial loss.
Yet, when the Internet was first invented, security was not a concern for the inventors. In fact, the Internet was originally designed for use by a closed circle of (mainly) academics. Communication among its users was open.
Cybersecurity came into sharper focus with the Internet expansion beyond the circle of the Internet pioneers. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its disadvantage.
Cybercrime is crime committed via the Internet and computer systems. One category of cybercrimes are those affecting the confidentiality, integrity and availability of data and computer systems; they include: unauthorised access to computer systems, illegal interception of data transmissions, data interference (damaging, deletion, deterioration, alteration of suppression of data), system interf