Verizon recently released a sneak peek of it's January 2017 edition of Data Breach Digest, where a University is cyber-attacked, preventing access to the majority of the internet, by it's vending machines and other Internet of Things (IoT) devices. The Verizon RISK Team and Senior IT Security Team identified the attack of over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes nearly all on the IoT infrastructure. A botnet had "...spread from device to device by brute force default and weak passwords." In the end, instead of having to replace all the IoT devices, analysis of the malware showed a full packet capture device could be used to regain control.
The take away points in the report include creating network zones for IoT systems, changing default credentials as well as using strong passwords.
Editor's note: As we use more and more technology to make vending machines smarter and operations run more efficiently, we have to be aware of the risks. Hackers can use some of these points to enter networks and cause havoc, but safe guards can be taken. It requires expert knowledge and should be discussed with the location's IT department as well as your own. Without the proper precautions, there could be a backlash due to such security breaches that would hurt our industry.
