It is well known that IoT (Internet of Things) devices are vulnerable to exploitation. Malicious actors have an easy job thanks to the default login credentials left in place by sysadmins, which make the devices easy targets. We have also learned what even a small number of infected IoT devices can do once they are turned into a botnet army that wreaks havoc on the network of a targeted organisation. This recent incident proves again that such incidents are sure to happen if we continue to make IoT devices with vulnerabilities.
Researchers from the RISK (Research, Investigations, Solutions and Knowledge) department of Verizon Enterprise were tasked with investigating an internet blockage at an unidentified US university, and they found that thousands of infected IoT devices were responsible for cutting off internet access. The attackers had reprogrammed these devices to start attempting to connect to seafood-oriented websites.
The attackers hacked 5,000 devices so that all of them continuously sent out DNS queries (a DDoS attack) to fulfill their malicious objectives. They used a variety of devices, from vending machines to street lamps. As a result, the university's network started to slow down, with the malware in the IoT devices also attacking its drink vending machines. When one device was infected, the malware started searching for more vulnerable devices, and a chain reaction followed. Once a device was infected, the malware modified its admin password, making the infection difficult to remove.
When the university's IT staff got a hint of the malware attack, they responded quickly by tracking down the new passwords. Because these were transmitted in clear text instead of being encrypted, the job was easier: the staff were able to intercept them using a packet-sniffing app.
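The continuous DNS lookups described above are visible in resolver logs as a per-client query rate far above what a vending machine or lamp controller normally produces. The following detection sketch is an added example, not code from the Verizon report; the log format, addresses, domain names, window and threshold are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 60   # sliding window length (assumed value)
MAX_QUERIES = 30      # lookups one client may make per window (assumed value)

def parse_line(line):
    """Parse 'epoch_seconds client_ip queried_name'; return None if malformed."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2].rstrip(".").lower()

def find_flooding_clients(lines, window=WINDOW_SECONDS, limit=MAX_QUERIES):
    """Return {client: (peak lookups in one window, most queried name)} for clients over limit."""
    recent = defaultdict(deque)    # client -> timestamps still inside the window
    peak = Counter()               # client -> highest in-window count seen
    names = defaultdict(Counter)   # client -> lookups per queried name
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue               # skip lines that are not query records
        ts, client, qname = record
        stamps = recent[client]
        stamps.append(ts)
        while stamps[0] <= ts - window:
            stamps.popleft()       # expire lookups older than the window
        peak[client] = max(peak[client], len(stamps))
        names[client][qname] += 1
    return {c: (n, names[c].most_common(1)[0][0])
            for c, n in peak.items() if n > limit}

def constructed_log():
    """Constructed sample log; every address and name here is made up."""
    lines = ["resolver restarted"]                       # malformed on purpose
    for i in range(15):                                  # workstation, 1 lookup / 20 s
        lines.append(f"{1000 + 20 * i} 10.10.0.5 www.example.org")
    for i in range(5):                                   # lamp controller, 1 lookup / 60 s
        lines.append(f"{1000 + 60 * i} 10.20.0.40 ntp.example.net")
    targets = ["fish.seafood.example", "crab.seafood.example", "fish.seafood.example"]
    for i in range(240):                                 # vending machine, 2 lookups / s
        lines.append(f"{1000 + i // 2} 10.20.0.17 {targets[i % 3]}")
    return lines

if __name__ == "__main__":
    for client, (count, name) in find_flooding_clients(constructed_log()).items():
        print(f"{client}: {count} lookups in {WINDOW_SECONDS}s, mostly {name}")
```

Each client's lines must appear in time order for the window to expire correctly, which is how resolver logs are normally written.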