DDoS attack from IoT devices

A small home router, a smart iron with Wi-Fi, a smart TV: each of these devices is connected to the Internet, which means it can be compromised and used in a DDoS attack against any public server. You will not even know that your device is taking part until your ISP's deep packet inspection (DPI) system detects an abnormal surge of traffic from your address and cuts off your Internet access.
Attacks on IoT
Until recently, attacks on IoT devices were mainly aimed at stealing user data; now attackers are more interested in taking control of the device itself in order to enlist it in a botnet and carry out DDoS attacks.
The Internet of Things (IoT) is the concept of a computer network of physical objects ("things") equipped with built-in technology for interacting with each other or with the outside environment.
According to a Symantec report, 2015 was a record year for attacks on IoT devices, with eight new malware families appearing. More than half of all attacks originated from IP addresses in China and the United States, followed by Russia, Germany, the Netherlands, Ukraine and Vietnam.
These figures show which countries' IP addresses were used to launch the malware; in some cases, however, attackers route through proxy servers to hide their real location.
There are several reasons why criminals choose to hack IoT devices:

  1. Many of them are permanently reachable from the Internet, yet, being low-powered devices, they ship with few built-in security features.
  2. Such devices are usually configured once during installation and then forgotten. The user is unaware of the security features and does not update the firmware; both factors increase the risk of compromise.
  3. The user does not change the factory username and password, which can be found on the Internet for any device model in seconds.

Check whether your Wi-Fi router's administrative interface accepts any of the username/password combinations from the table below:

Username    Password
root        admin
admin       admin
admin       password
root        password
admin       root
root        123456
ubnt        12345
access      ubnt
test        1234
oracle      test
postgres    qwerty
pi          raspberry

Attackers use a simple tactic: they scan address ranges for open Telnet or SSH ports and, on every hit, try to log in with the default usernames and passwords. Once they have a shell on the device, they download a script (.sh) with wget or tftp, which in turn fetches and runs the bot binary built for the device's operating system and CPU architecture.
Once launched, the bot establishes a connection (often encrypted) with its Command and Control (C&C) server and waits for the command to attack.
Cross-platform malware now threatens ever more device types (web servers, routers, modems, NAS boxes, video surveillance systems), running not only on the common x86, ARM, MIPS and MIPSEL architectures but also on the rarer PowerPC, SPARC and SuperH.
Moreover, the newer "worms" fight off competitors: once running, they lock other attackers out of the device by closing the Telnet port and adding iptables rules.
The most common malware families targeting IoT devices are Linux.Darlloz, Linux.Aidra, Linux.Xorddos, Linux.Gafgyt, Linux.Ballpit, Linux.Moose, Linux.Dofloo, Linux.Pinscan, Linux.Kaiten, Linux.Routrem, Linux.Wifatch and Linux.LuaBot.
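As an added example (this is not code from the original article), the following Python script performs the check suggested above the table: it tries the listed username/password pairs against a device's Telnet port in exactly the way the scanner described in the preceding paragraphs does, and reports which pairs get a shell. The target host and port are assumptions (point it at your own router, never at someone else's); a minimal fake Telnet login prompt is included so the script runs offline.

```python
"""Audit a device's Telnet service for the factory credentials attackers try first.

Added example, not from the original article. The credential list mirrors the
table above; the host/port it is pointed at is an assumption (your own device).
A fake Telnet login prompt is included so the script runs offline.
"""
import socket
import threading

# Username/password pairs from the table above, in the order a scanner tries them.
DEFAULT_CREDENTIALS = [
    ("root", "admin"), ("admin", "admin"), ("admin", "password"),
    ("root", "password"), ("admin", "root"), ("root", "123456"),
    ("ubnt", "12345"), ("access", "ubnt"), ("test", "1234"),
    ("oracle", "test"), ("postgres", "qwerty"), ("pi", "raspberry"),
]


def _read_until(sock, markers, timeout=3.0):
    """Read from sock until one of the byte markers appears, EOF, or the timeout."""
    sock.settimeout(timeout)
    buf = b""
    while not any(m in buf for m in markers):
        try:
            chunk = sock.recv(1024)
        except socket.timeout:
            break
        if not chunk:
            break
        buf += chunk
    return buf


def try_login(host, port, username, password, timeout=3.0):
    """Return True if the Telnet service at host:port drops into a shell for the pair."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        _read_until(sock, [b"login:", b"Login:", b"Username:"], timeout)
        sock.sendall(username.encode() + b"\r\n")
        _read_until(sock, [b"assword:"], timeout)
        sock.sendall(password.encode() + b"\r\n")
        reply = _read_until(sock, [b"$ ", b"# ", b"incorrect", b"failed"], timeout)
        # A BusyBox-style prompt means we are in; "Login incorrect" means we are not.
        return (b"$ " in reply or b"# " in reply) and b"incorrect" not in reply


def find_default_credentials(host, port=23, creds=DEFAULT_CREDENTIALS):
    """Try every pair in creds against host:port and return the ones that work."""
    working = []
    for user, pw in creds:
        try:
            if try_login(host, port, user, pw):
                working.append((user, pw))
        except OSError:
            break  # port closed or host unreachable: nothing more to learn
    return working


def start_fake_telnet(valid_user, valid_password):
    """Constructed stand-in for a router with one factory account; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def handle(conn):
        with conn:
            conn.sendall(b"router login: ")
            user = _read_until(conn, [b"\n"]).strip()
            conn.sendall(b"Password: ")
            pw = _read_until(conn, [b"\n"]).strip()
            if (user.decode(), pw.decode()) == (valid_user, valid_password):
                conn.sendall(b"\r\nBusyBox built-in shell (ash)\r\n# ")
            else:
                conn.sendall(b"\r\nLogin incorrect\r\n")

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Simulated router still on admin/admin (assumed); swap in your own host and port 23.
    port = start_fake_telnet("admin", "admin")
    print(find_default_credentials("127.0.0.1", port))  # → [('admin', 'admin')]
```

If the script prints any pair, the device is one credential guess away from joining a botnet: change the password and, as the steps below recommend, turn Telnet off entirely.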

How to protect your network and devices

To minimize the risk of your IoT devices being compromised, and thus of their being used to attack public sites, take a few simple steps:
1. Examine a device's security capabilities before buying it.
2. Audit the devices already on your network (security settings, current firmware version).
3. Use unique passwords for device administration and for the Wi-Fi network (never admin, root, password, 123456 and the like).
4. Use strong Wi-Fi encryption (WPA2 or WPA3; never WEP or an open network).
5. Disable device functions you do not use (network printing, manufacturer cloud services, etc.).
6. Disable Telnet and use SSH instead.
7. Disable remote (WAN-side) administration when it is not needed.
8. Update the firmware regularly from the manufacturer's website.
9. Review the device's security settings against your own requirements.
10. Use a wired connection instead of Wi-Fi where possible.

Today the main goal of hacking IoT devices is to assemble DDoS botnets, but as the hardware becomes more powerful the criminals' goals may change, and the financial sector, industrial enterprises and large companies will come under attack. Data theft or intrusion into such organizations' control systems can cause far more damage than simply making a website unreachable. And your home device can become a participant in those crimes.

You are not alone in fighting criminals

Telecom operators and Internet service providers, for their part, also deploy DDoS protection. Real-time traffic monitoring with DPI systems lets them spot anomalies and spikes in bandwidth use, identify which subscriber line the attack traffic is coming from, and block it.
For protection, behavioural strategies (behavioural DDoS protection) are used alongside simpler and, for application-layer floods, often more effective methods such as Turing tests (CAPTCHA pages); a CAPTCHA does nothing against a raw bandwidth flood, which has to be absorbed or filtered upstream. Carrier Grade NAT, in turn, "hides" the subscriber's device from intruders by blocking unsolicited connections to it from the Internet. Note that CGNAT only stops inbound scanning; a device that is already infected can still send attack traffic out, and port forwarding or UPnP can re-expose it.
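The operator-side anomaly detection described above, as an added example that is not part of the original article or any vendor's DPI product: it aggregates flow records per subscriber into one-minute bins and flags a subscriber whose outbound volume jumps far above its own recent baseline (a likely DDoS participant), and separately flags a subscriber that contacts many hosts on Telnet/SSH within one minute (the scanning behaviour of an already-compromised device). The flow records, the tuple layout and the thresholds are constructed for illustration.

```python
"""Flag subscribers whose traffic looks like a DDoS participant or a Telnet/SSH scanner.

Added example, not from the original article or any vendor DPI product.
Flow records are constructed tuples (ts, src, dst, dport, nbytes); all
thresholds below are illustrative assumptions, not tuned values.
"""
from collections import defaultdict
from statistics import median

BUCKET_SECONDS = 60       # aggregate traffic into one-minute bins
SPIKE_FACTOR = 10         # flag a bin that is this many times the source's baseline
MIN_BYTES = 5_000_000     # ignore spikes that are small in absolute terms
MIN_HISTORY = 3           # bins of history required before a baseline is trusted


def bytes_per_bin(flows, bucket=BUCKET_SECONDS):
    """Sum outbound bytes per source per time bin: {src: [(bin_start, bytes), ...]}."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, src, _dst, _dport, nbytes in flows:
        totals[src][ts - ts % bucket] += nbytes
    return {src: sorted(bins.items()) for src, bins in totals.items()}


def detect_spikes(flows, factor=SPIKE_FACTOR, floor=MIN_BYTES, history=MIN_HISTORY):
    """Return (src, bin_start, bytes, baseline) for bins far above the source's own past.

    The baseline is the median of the source's earlier bins, so a device that is
    always busy is not flagged, while a quiet device that suddenly floods is.
    """
    alerts = []
    for src, series in bytes_per_bin(flows).items():
        past = []
        for bin_start, nbytes in series:
            if len(past) >= history:
                baseline = median(past)
                if nbytes >= floor and nbytes > factor * max(baseline, 1):
                    alerts.append((src, bin_start, nbytes, baseline))
            past.append(nbytes)
    return alerts


def detect_scanners(flows, ports=(22, 23), min_targets=20, bucket=BUCKET_SECONDS):
    """Return (src, bin_start, distinct_targets) for sources probing many hosts on Telnet/SSH."""
    targets = defaultdict(set)
    for ts, src, dst, dport, _nbytes in flows:
        if dport in ports:
            targets[(src, ts - ts % bucket)].add(dst)
    return sorted((src, b, len(t)) for (src, b), t in targets.items() if len(t) >= min_targets)


def sample_flows():
    """Constructed flow records, not real telemetry."""
    flows = []
    # 10.0.0.5: light browsing for five minutes, then a flood at a single target
    for minute in range(5):
        flows.append((minute * 60, "10.0.0.5", "93.184.216.34", 443, 120_000))
    for i in range(200):
        flows.append((300 + i % 60, "10.0.0.5", "203.0.113.9", 80, 60_000))
    # 10.0.0.7: steady traffic the whole time (must not be flagged)
    for minute in range(6):
        flows.append((minute * 60, "10.0.0.7", "93.184.216.34", 443, 150_000))
    # 10.0.0.9: one minute of Telnet probes against 80 different addresses
    for i in range(80):
        flows.append((120 + i % 60, "10.0.0.9", f"198.51.100.{i}", 23, 60))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print(detect_spikes(flows))    # → [('10.0.0.5', 300, 12000000, 120000)]
    print(detect_scanners(flows))  # → [('10.0.0.9', 120, 80)]
```

Comparing each subscriber against its own history rather than a global threshold is what keeps a legitimately busy line (10.0.0.7) quiet; the fan-out check catches the Telnet scanning phase, which moves almost no bytes and would never trip a volume alarm.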
