The notorious black-hat hacking group, Lizard Squad, have been launching Distributed Denial of Service attacks on several banks, gaming services, internet providers, and governments. A United States Information Technology security firm, Arbor Networks, have discovered that Lizard Squad has released a Linux-based DDoS tool known as LizardStresser, which has been utilized to infiltrate thousands of closed-circuit cameras (CCTVs) and possibly other IoT devices, thus using them to generate DDoS attacks on several entities. Some attacks exceeded 400Gps in bandwidth. The majority of these attacks were intended mostly for Brazilian commercial banks, government organizations, gaming platforms, and internet service providers.
Lizard Squad is renowned for their involvement in launching several Distributed Denial of Service attacks against gaming platforms like Blizzard’s Battle.net, Microsoft’s Xbox Live, and Sony’s Playstation Network.
Lizard Squad has demonstrated how easy it is to compromise CCTVs and IoT devices using their tool since they understand that essentially most of these devices are barebone PCs that run stripped-down Linux operating systems, therefore missing security features. To reduce the costs and complicated means of installation, IoT devices typically employ shared hardware and software. The passwords of the majority of IoT devices are spread and shared among the collection of devices, making them prone to the telnet brute-forcing feature of LizardStresser.
Each of these devices may not appear to be powerful in terms of specifications, but LizardStresser takes control over these thousands of devices, adding up the power of their DDoS attacks.
Lizard Squad’s activities do not only illustrate the significance of the IoT’s security platform but also signify that the hardware manufacturers must ship more secure devices and offer information to their customers on how to secure them.