Internet Of Things Caught In The Crossfire Of Microsoft Cyberwar

Over 4 million customers of No-IP found out what it feels like to be caught in the middle of a cyberwar.

It occurred when Microsoft, in an effort to thwart the distribution of the Bladabindi and Jenxcus malware, seized control of 23 domains from No-IP. No-IP provides dynamic DNS services that let customers keep a static domain name while their IP addresses change. Millions use these services on a daily basis to monitor and control home, small business, or technical operations through Internet of Things connected devices like nanny cams, home thermostats, and security systems.

While No-IP has not been accused of any wrongdoing, Microsoft maintains that the company had not done enough to secure its services. Similar to a point we made in a previous article, seizing the domains provides a window of opportunity to restore services for those affected by malware operated through command and control servers.

David Finn, executive director and associate general counsel of Microsoft’s Digital Crimes Unit, released the following in an email: “due to a technical error… some customers whose devices were not infected by the malware experienced a temporary loss of service,” and “[w]e regret any inconvenience these customers experienced.”

While Microsoft acted through the appropriate legal channels, the results are fairly clear, and the hashtag #FreeNoIP has been created on Twitter in protest.

These tweets highlight some of the Internet-of-Things chaos that ensued as a result of the service disruption:

[Tweet screenshots: home automation, EMS, security, nanny, medical dispatch, server, pets, business]

Even after Microsoft restored services, there are questions that still need to be answered.

  • Did the legal steps taken by Microsoft provide the necessary safeguards for users of No-IP to minimize collateral damage?
  • What can businesses do to ensure they do not get caught in the crossfire of a cyberwar that targets core Internet services like DNS?
  • What steps do businesses need to take to ensure they are not held liable for attacks launched through compromised services?
  • How long can your business survive a service disruption to core technology services?
  • What safeguards need to be in place to minimize the impact on your business?

At Dunbar Cybersecurity, we pride ourselves on having a 90-year history in risk management for our customers. If you need help or have questions about managing risk at your organization, please contact us.