Page 1201 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
ability to disable sandboxing. This might improve performance of the
browser slightly, but the risk is significant.
Botnets, IoT, and Embedded Systems
Attackers have traditionally infected desktop and laptop computers
with malware and joined them to botnets. While this still occurs,
attackers have been expanding their reach to the Internet of Things
(IoT).
As an example, attackers used the Mirai malware in 2016 to launch
a distributed denial-of-service (DDoS) attack on Domain Name
System (DNS) servers hosted by Dyn. Most of the devices involved
in this attack were Internet of Things (IoT) devices such as
internet-connected cameras, digital video recorders, and home-
based routers that were infected and added to the Mirai botnet.
The attack effectively prevented users from accessing many
popular websites such as Twitter, Netflix, Amazon, Reddit, Spotify,
and more.
Embedded systems include any device with a processor, an
operating system, and one or more dedicated apps. Some examples
include devices that control traffic lights, medical equipment,
automatic teller machines (ATMs), printers, thermostats, digital
watches, and digital cameras. Many automobiles include multiple
embedded systems such as those used for cruise control, backup
sensors, rain/wiper sensors, dashboard displays, engine controls
and monitors, suspension controls, and more. When any of these
devices have connectivity to the internet, they become part of the
IoT.
This explosion of embedded systems is certainly improving many
products. However, if they have internet access, it’s just a matter of
time before attackers figure out how to exploit them. Ideally,
manufacturers will design and build them with security in mind
and include methods to easily update them. The Mirai DNS attack
indicates they hadn't done so, at least as of 2016.

