A university had been receiving an increasing number of complaints from students across campus about slow or inaccessible network connectivity.
It turned out that hijacked vending machines (and 5,000 other Internet of Things (IoT) devices) attacked the university network and slowed it right down.
The investigation into the campus network slowdown found problems with five thousand systems.
The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure.
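The kind of analysis described above can be sketched as follows. This is an added example, not code from the case study: it counts DNS lookups per client in 15-minute windows and reports what share of the noisy clients sit on the IoT segment. The log format, the 200-lookup threshold and the 10.20.0.0/16 subnet are assumptions, and the sample log is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

WINDOW = 15 * 60                          # the 15-minute interval in the case study
THRESHOLD = 200                           # assumed cut-off for "hundreds" of lookups
IOT_SEGMENT = ip_network("10.20.0.0/16")  # assumed IoT subnet (constructed)

def noisy_clients(lines, threshold=THRESHOLD):
    """Map each client to its peak lookups per 15-minute window, if >= threshold."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        ts, client, _qname = line.split()  # constructed format: time, client IP, name
        bucket = int(datetime.fromisoformat(ts).timestamp()) // WINDOW
        counts[(ip_address(client), bucket)] += 1
    peaks = {}
    for (client, _bucket), n in counts.items():
        if n >= threshold:
            peaks[client] = max(n, peaks.get(client, 0))
    return peaks

def iot_share(peaks, segment=IOT_SEGMENT):
    """Fraction of flagged clients that live on the IoT segment."""
    return sum(c in segment for c in peaks) / len(peaks) if peaks else 0.0

def sample_log():
    """Constructed DNS query log built from (client, lookups, seconds apart)."""
    start = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    clients = [
        ("10.20.0.5", 300, 3),   # IoT device, all lookups inside one window
        ("10.20.0.6", 250, 3),   # IoT device, all lookups inside one window
        ("10.30.1.9", 220, 4),   # busy host outside the IoT segment
        ("10.10.4.2", 40, 20),   # ordinary workstation
        ("10.20.0.7", 250, 8),   # IoT device, lookups spread over three windows
    ]
    return [
        f"{(start + timedelta(seconds=i * gap)).isoformat()} {ip} host{i}.example.test"
        for ip, total, gap in clients
        for i in range(total)
    ]

if __name__ == "__main__":
    flagged = noisy_clients(sample_log())
    for client, peak in sorted(flagged.items()):
        print(client, peak)
    print(f"{iot_share(flagged):.0%} of flagged clients are on {IOT_SEGMENT}")
```

Counting per window rather than per day is what keeps 10.20.0.7 off the list: its 250 lookups never exceed 113 in any single 15-minute window.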
The university had made a large investment into an intelligent campus for management and efficiency.
With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies.
The problem was narrowed down to a spreading botnet.
This botnet spread from device to device by brute forcing default and weak passwords. Once the password was known, the malware had full control of the device and would check in with command infrastructure for updates and change the device’s password – locking us out of the 5,000 systems.
The case study does talk about the final solution but, just as importantly, it also covers the lessons learned.
Don’t keep all your eggs in one basket; create separate network zones for IoT systems; air-gap them from other critical networks where possible.
The Internet of Things could provide powerful benefits to a university or college, but as stories such as these show us, sometimes we also need to balance those benefits with an understanding of the potential risks and of what needs to be done to mitigate those risks.
How are you protecting your network and IoT devices?