Quantcast
Channel: iTWire - Entertainment
Viewing all articles
Browse latest Browse all 4710

DDoS attacks – you may be helping to pay for them

$
0
0
DDoS attacks – you may be helping to pay for them

Up to one million IoT devices were used to generate the world’s largest DDoS attack on the Brian Krebs on Security website. IoT is now the preferred botnet delivery vector for cyber criminals and hackers.

Symantec, a global leader in cyber security, has revealed new research demonstrating how cyber-criminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create zombie networks, or botnets, unknown to the device owners.

Its Security Response team has discovered that cyber criminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies. To succeed, they need cheap bandwidth and get it by stitching together consumer devices that are easy to infect because they lack sophisticated security. What is worse, you are paying for the attack via your upload data allowance.

It found that more than half of all IoT attacks originate from China and the US, based on the IP addresses. High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.

{loadposition ray}

Most IoT malware targets non-PC embedded devices such as Web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features.

As attackers are now highly aware of insufficient IoT security, many pre-program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and often victims may not even know they have been infected.

Additional findings from Symantec’s research include:

  • The year 2015 was a record one for IoT attacks, with plenty of speculation about possible hijacking of home automation and home security devices. However, attacks to date have shown that attackers tend to be less interested in the victim and the majority wish to hijack a device to add it to a botnet, most of which are used to perform DDoS attacks.
  • IoT devices are a prime target since they are designed to be plugged in and forgotten after basic set-up.
  • The most common passwords IoT malware used to attempt to log into devices was, unsurprisingly, the combination of “root” and “admin” indicating that default passwords are frequently never changed.
  • Attacks originating from multiple IoT platforms simultaneously may be seen more often in the future, as the amount of the embedded devices connected to the Internet rises.

It suggests that users protect IoT devices as follows:

  • Assume that all IoT devices can be compromised and secure them from that standpoint.
  • Move them to a separate network from your home network.
  • Immediately change the admin login and password.
  • Disable unused features such as Telnet, FTP or Internet “cloud” remote access.
  • Wired connections to IoT devices are more secure that Wi-Fi.
  • Keep IoT devices firmware up to date – it is not a matter of set and forget.
  • Use an IP scanner such as the free Advanced IP Scanner (for Windows 10 or earlier) to check and identify IP devices on the network.
  • Check traffic usage regularly (ISP bills will reveal this monthly, but it may be best to look more frequently).

Almost any IoT device can send an alert (email) or go to a website.

  • Smart thermostats
  • Smart locks
  • Smart light bulbs
  • Smart smoke detectors
  • Smart energy management devices
  • Smart hubs
  • Security alarms
  • Surveillance IP cameras
  • Entertainment systems (smart TV, TV set-top boxes, etc.)
  • Broadband routers
  • Network attached storage (NAS) devices

Viewing all articles
Browse latest Browse all 4710

Trending Articles