Students are always curious to breach a university’s systems. One such scenario was spotted when a team of hackers targeted the vending machines and other IoT devices of a university (name not disclosed) and started attacking the university’s network.
The officials caught the incident when some students reported slow Internet speed and inaccessible network connectivity, and a senior member of the IT security team identified a huge number of frequent requests for seafood-related domains.
The “incident commander” noticed “the name servers, responsible for Domain Name Service (DNS) lookups, were producing high-volume alerts.” The system was also showing unusual figures for seafood-related subdomains. The cause of the slow Internet was identified when the system admin found that the majority of Internet access was being prevented, as legitimate lookups were being dropped.
When the IT officials were unable to resolve the issue, they handed over the DNS and firewall logs to the Verizon RISK (Research, Investigations, Solutions and Knowledge) Team. The team found that the hijacked vending machines and 5,000 other IoT devices were making four to five seafood-related DNS requests in an hour.
The incident commander said, “With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet.”
Earlier, the incident commander thought that the university would have to replace all the IoT devices, such as vending machines and lamp posts. However, the RISK team suggested that “the botnet spread from device to device by brute forcing default and weak passwords.” Hence, the university should use strong passwords and a packet sniffer, so that for a hijacked IoT device the clear-text malware password could be intercepted.
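
The log review described above can be sketched as follows. This is an added example, not code from the university or the RISK team; the log format, the IoT subnet `10.20.0.0/16`, the keyword list and all sample records are constructed assumptions. It flags IoT clients that reach the per-hour lookup rate the article mentions and that use resolvers outside their own subnet.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "<ISO time> <client IP> <resolver IP> <queried name>"
SAMPLE_LOG = """\
2024-01-01T10:00:05 10.20.0.11 10.1.0.53 shrimp-a1.example.net
2024-01-01T10:14:40 10.20.0.11 10.1.0.53 tuna-77.example.net
2024-01-01T10:31:02 10.20.0.11 10.1.0.53 lobster-x.example.net
2024-01-01T10:47:19 10.20.0.11 10.1.0.53 crab-09.example.net
2024-01-01T10:05:00 10.20.0.12 10.20.0.53 updates.vendor.example
2024-01-01T10:06:00 10.30.0.8 10.1.0.53 www.example.org
2024-01-01T10:20:00 10.30.0.8 10.1.0.53 tuna-recipes.example.org
""".splitlines()

SEAFOOD = ("shrimp", "tuna", "lobster", "crab")   # assumed keyword list
IOT_NET = ipaddress.ip_network("10.20.0.0/16")    # assumed IoT subnet


def review(lines, iot_net=IOT_NET, keywords=SEAFOOD, per_hour=4):
    """Return {client: findings} for IoT clients worth investigating."""
    hits = defaultdict(lambda: defaultdict(int))   # client -> hour -> count
    foreign = defaultdict(set)                     # client -> resolvers outside subnet
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                               # skip malformed records
        ts, client, resolver, qname = parts
        if ipaddress.ip_address(client) not in iot_net:
            continue                               # only IoT devices are in scope
        if ipaddress.ip_address(resolver) not in iot_net:
            foreign[client].add(resolver)          # device is not isolated for DNS
        if any(k in qname.lower() for k in keywords):
            hits[client][ts[:13]] += 1             # bucket by YYYY-MM-DDTHH
    report = {}
    for client in set(hits) | set(foreign):
        peak = max(hits[client].values(), default=0)
        report[client] = {
            "peak_keyword_lookups_per_hour": peak,
            "beaconing": peak >= per_hour,
            "resolvers_outside_iot_subnet": sorted(foreign[client]),
        }
    return report


if __name__ == "__main__":
    for client, finding in sorted(review(SAMPLE_LOG).items()):
        print(client, finding)
```

Only clients inside the IoT subnet are reported, so an ordinary workstation that happens to look up a seafood-named site does not raise a finding.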