IoT malware are coming. Will you listen to me now?

It happened again. This past weekend we witnessed another record-setting DDoS attack, probably primarily caused by infected IoT devices. This attack is attributed to the same piece of code - Linux/Mirai - which attacked KrebsOnSecurity.com and OVH in September.

List of Attacks Attributed to Linux/Mirai

I Told You! (months ago) ;)

And now, I can't resist saying "I told you so." Yes, I started researching and warning about the risks of IoT infections approximately 20 months ago! I started hacking sports wristbands, and last year, at Hacktivity and Hack.lu 2015, I publicly outlined for the first time the attack scenario where a tracker propagates infection. Then again, at Insomni'hack in March 2016, later at Area 41, and most recently at Virus Bulletin 2016, I developed the topic explaining why an attacker might want to attack a connected toothbrush, a smart watch, or other connected devices.

Fortiguard Research Papers may be accessed here, which include my own talks and papers.

Upcoming talk: "Infecting Internet of Things" at DefCamp

This will also be the main topic of my upcoming talk at DefCamp "Infecting Internet of Things". Couldn't be more appropriate, could it? Quite "amusingly," the talk was turned down by 2 conferences before that ;( So much for self-pride ;) Anyway, I resubmitted because I was really confident about the topic, and I am definitely happy to speak about it at DefCamp now.

Just like Mirai doesn't care about your IP cameras or DVRs, I will show with proof of concepts that consumer Internet of Things such as smart glasses or smart watches are at risk of propagating malware, taking part in larger attacks, or being the victims of ransomware.

Be warned, this is only the beginning of IoT-based malware.

-- the Crypto Girl