A new era of cyberattacks has dawned upon us. Now, seemingly harmless everyday appliances like printers, digital video recorders, webcams, thermostats and routers are being utilized as minions in distributed-denial-of-service (DDoS) attacks against websites.
DDoS is an attack in which a targeted website is flooded with an overwhelming number of requests from millions of connected machines in order to bring it down. Traditionally, these attacks are launched from compromised computers and mobile gadgets collectively nicknamed a "botnet."
However, recent DDoS attacks on a security blogger's website and French website host OVH reveal that it's no longer just computers being recruited into botnets - even Internet of Things (IoT) appliances are now fair game.
This means unsecured routers, printers, IP web cameras, DVRs, cable boxes and connected "smart" appliances such as Wi-Fi light bulbs and smart locks can be hijacked and involved in cyberattacks without the owner knowing about it. To remain unnoticed, compromised appliances could be sending out small trickles of data to keep the attack discreet. Multiply that by millions and what you have is the perfect DDoS attack vector.
How serious is this? The recent attacks are reported to be the largest targeted DDoS attempts ever, with a sustained data stream of 620 Gbps and even reaching data rates of over a terabit per second, all accomplished by enslaving connected Internet of Things appliances via a trojan program infection.
Alarmingly, the source code for this smart appliance trojan program, named Mirai, has been published online for everyone to see. This means we will be seeing more of these attacks in the future and securing these connected appliances is as vital as ever.
Mirai is said to compromise about 380,000 connected appliances a day but thankfully, after the recent DDoS attacks, internet service providers have started to block infected devices and the rate of infections has started dropping.
One peculiar thing about smart appliance infections is that they clear out after a reboot because the malware only resides in temporary memory. To maintain a large botnet capable of launching a massive DDoS attack, hackers need to infect and reinfect new appliances every day.
The common infection vector for these smart appliances is ports left open to the public internet. Internet of Things appliances use these ports so they can be accessed away from home. Hackers scan remotely for open and exploitable ports, and this is how they usually locate target appliances.
Another reason these attacks are gaining popularity is that consumers assume these are merely plug-and-play appliances. Usually, we set them and forget them, and security is an afterthought. These recent attacks have changed the game for consumers and manufacturers alike.
How can you tell if your appliance is hacked?
As I mentioned earlier, these attacks were designed so that appliances like printers, routers and webcams transmit only small amounts of data to aid in DDoS attacks, so identifying which devices are compromised is tricky.
You may notice a slower than usual internet connection. Keep an eye out for unusual buffering when streaming video or music, or for slow web browsing. You can also try a network analyzer like Fing to monitor your connected devices and open ports. Most routers also have data packet analyzers and logs: log into the administrator page and check whether any IP addresses are transmitting unusual amounts of data.
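The router-log check described above can be automated. The following is an added example, not part of the original article: the log format, device names and thresholds are assumptions, and the sample lines are constructed. It compares each device with its own history instead of a fixed cutoff, because a hijacked camera can still upload far less than a healthy laptop.

```python
from statistics import median

# Constructed sample: bytes uploaded per hour by each LAN device, in an
# assumed CSV export of a router's traffic counters (hypothetical format:
# ip,name,hour1,hour2,...). The last two columns are the most recent hours.
SAMPLE_LOG = """\
192.168.1.10,laptop,5200000,4800000,6100000,5500000,5900000,5300000
192.168.1.23,ip-camera,410000,395000,420000,405000,1350000,1420000
192.168.1.31,printer,12000,9000,15000,11000,10000,13000
192.168.1.40,thermostat,3000,3200,2900,3100,3050,2950
"""

def parse_log(text):
    """Map (ip, name) to the list of hourly upload byte counts."""
    devices = {}
    for line in text.strip().splitlines():
        ip, name, *counts = line.split(",")
        devices[(ip, name)] = [int(c) for c in counts]
    return devices

def flag_unusual_uploaders(devices, recent=2, k=6.0):
    """Flag devices whose recent uploads all exceed their own baseline.

    Baseline is the median of the older samples; spread is the median
    absolute deviation (MAD), which a single busy hour does not distort.
    """
    flagged = []
    for (ip, name), counts in devices.items():
        baseline, latest = counts[:-recent], counts[-recent:]
        if len(baseline) < 3:
            continue  # not enough history to judge this device
        base = median(baseline)
        mad = median(abs(c - base) for c in baseline) or 1  # avoid zero spread
        if all(c > base + k * mad for c in latest):
            flagged.append((ip, name, median(latest) / base))
    return flagged

if __name__ == "__main__":
    for ip, name, ratio in flag_unusual_uploaders(parse_log(SAMPLE_LOG)):
        print(f"{ip} ({name}) is uploading {ratio:.1f}x its usual volume")
```

In the constructed data only the camera is flagged, even though the laptop sends several times more data in absolute terms.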
Protect your appliances
Since these Internet of Things appliance infections only reside on temporary memory, the first thing you have to do is reboot the device to clear out the malware.
If you are checking your router, IP webcam or connected printer, it is important that you change the default administrator username and password. Do this by accessing the appliance's hub (usually through a web page or a smartphone app). If your smart appliance connects via the manufacturer's website, make sure your password for their site is complex and unique.
Next, check for firmware updates. Now, with these attacks out in the open, manufacturers will start issuing security patches to prevent such infections. It's important to keep your firmware always up to date. If your gadget does not automatically fetch firmware updates, make sure to manually check at least every three months.
Some routers have some firewall functionality too. In your router's administrator page, look for settings named "Disable Port Scan" and "Enable DoS Protection" and make sure you turn these on.
As these recent attacks and techniques show, in this increasingly connected world, the "smarter" our homes become, the smarter we have to be about our homes.