Report: Malware “Recruits” IoT Devices, Design Regulation Needed

Manufacturer negligence is to blame for a recent spate of botnet engendered DDoS (Distributed Denial of Service) attacks on devices like DVRs and IP-enabled closed circuit TV cameras, according to a report from Washington think tank the Institute for Critical Infrastructure Technology. The devices were infected by the so-called Mirai malware, which is specifically designed to target and recruit IoT devices into botnets. The think tank report blames IoT vulnerabilities on “device manufacturers who negligently avoid incorporating security-by-design into their systems because they have not yet been economically incentivized and they instead choose to pass the risk and the impact onto unsuspecting end-users.” More regulation is called for, the report says, and specifically federal regulation, because  state-level regulation “could prove asymmetric or disastrous to markets and consumers alike.”