Do you remember hearing about the massive Distributed Denial of Service (DDoS) attack last October that shut down popular websites like Amazon, Netflix and Comcast? The sites were shut down with the help of a botnet, a group of Internet-of-Things (IoT) gadgets taken over by hackers without the owners' knowledge. Cybercriminals used these gadgets to overwhelm the Domain Name Server, shutting down the popular sites.
Now, hackers are attacking IoT gadgets in a more devious way. You could lose control of your device forever.
How hackers are attacking IoT gadgets now
Hackers are making IoT gadgets unusable by scrambling their internal code. Researchers with Radware recently discovered cybercriminals were using BrickerBot malware to attack IoT devices for this purpose. It's a Permanent Denial of Service (PDoS) attack.
Scammers have been scouring the internet to find IoT gadgets that are still using default usernames and passwords. When they gain access to these unsecured devices, the BrickerBot malware corrupts the gadgets' storage and they no longer function properly, also known as bricking.
This malware has an added command that hides any trace of infection, which makes it impossible to know where the attack originated. BrickerBot is such a problem that Homeland Security's Cyber Emergency Response Team (CERT) has issued a warning about it.
CERT is stressing the importance of changing your IoT gadgets' default credentials and disabling telnet. You also need to secure your home router to keep hackers out.
How to protect your IoT gadgets
Routers can be taken over to perform illegal activities like DDoS or PDoS attacks or piracy. The scary part is you might not even know your router is compromised and being used for nefarious deeds.
Checking your router for new firmware to prevent exploits like these is a must. If you are not regularly updating your router, you’re ripe for attack.
Updating your router’s firmware is not as hard as it sounds. The procedure depends on your router, but you typically access an administrator page via a browser. Simply type the router’s default IP address of your particular router in your browser’s address bar.
Common IP addresses for popular routers are 192.168.1.1 for Linksys and D-Link, 192.168.0.1 for Netgear, or 192.168.2.1 for Belkin. Should none of these addresses work for you, a free app can help.
Fing is a network tool that you should have in your tech arsenal even if you know your router’s IP address. Sure, you’ll learn your router’s IP address but you can also see all devices connected to your network, check your internet connectivity, monitor the network and detect intruders. Click here for more information and the links you need for both Apple and Android devices.
Once you're on the router’s administrator page in a browser, you will have to enter a username and password to log in. Remember when I said that passwords were readily available online? Click here for the link you need to find just about any router’s username and password.
Once logged in, find an area called "Advanced" or "Management" to check for firmware updates. Usually, you will have the option to check, review, download, and install your router's new firmware on the same page.
Network security provides more than firmware updates. In this Komando Flash Tip video, you can see the steps necessary to secure your network in less than 60 seconds. Click here to watch now.
Router firmware updates require a restart so make sure you do not have ongoing activities that require a network connection when you apply the update. Make an appointment now in your calendar. You should check for router firmware updates at least once every three months.