A new era of cyberattacks has dawned upon us. Now, seemingly harmless everyday appliances like printers, digital video recorders, webcams, thermostats and routers are being utilized as minions in distributed-denial-of-service (DDoS) attacks against websites.
We know, it sounds like something Hollywood cooked up for a Sci-Fi film: The robots are out to get us! But DDoS attacks are already happening, and they're more complex than you might think. Back in October, a massive attack shut down major sites such as Amazon, CNBC News, PayPal, Etsy, Netflix and Twitter for residents on the East Coast.
This past November, another DDoS attack occurred. This time, the attack happened in Germany, where the routers of as many as 900,000 people were hijacked, which led to the shutdown of the entire web in that area. This is a growing trend as hackers continue to turn their attention to all devices that can connect to the internet.
So what exactly is a DDoS attack, and how can you stop it? Here are some tips on this rapidly expanding form of cyberattack.
Understanding DDoS attacks
The DDoS attack back in October was aimed at a domain host company called Dyn, which is part of the backbone of the internet. These types of companies basically work as the internet's phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses so computers can direct users to the site they type in the address bar. When you type komando.com into your browser, for example, domain host companies such as Dyn help to direct you there.
The DDoS attack occurred when servers at Dyn were overwhelmed with more traffic than they could handle. These types of attacks are performed with something called a botnet.
A botnet is a group of gadgets that hackers have taken over without the owners' knowledge. The hackers seize control of unwitting gadgets with a virus or malware and then use the network of infected computers to perform large-scale hacks or scams.
DDoS attacks target a particular website or server, then flood it with an overwhelming number of requests from the millions of connected machines. These requests ultimately cause the website or server to shut down.
The botnet in this particular instance was created with an "army" of hacked DVRs and webcams that were manufactured by a company called XiongMai. These products have been recalled because hackers were able to exploit a vulnerability found within them.
Although specific details of the DDoS attack in Germany have not been released yet, investigators have found that the botnet in this case was built from the hacked routers of around 900,000 customers of a company called Deutsche Telekom.
In both cases, the hackers are said to have used a program called Mirai to launch the attack. Mirai infects smart devices such as DVRs, routers, webcams and other web-connected gadgets with malware. This malware is installed through the use of phishing emails that first infect an individual computer, then spread rapidly throughout the home network.
How can you tell if your appliance is hacked?
DDoS attacks are designed so that each appliance (a printer, router, webcam, etc.) transmits only a small amount of data toward the attack, so identifying which devices are compromised is tricky.
You may notice a slower than usual internet connection. Keep your eye out for unusual video or music streaming buffering or slow web browsing. You can also try a network analyzer like Fing to monitor your connected devices and open ports. Most routers have data packet analyzers and logs that you can reach by logging into the administrator page. There, check whether any IP addresses are transmitting unusual amounts of data.
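Because each hijacked device sends only a little data, comparing a device against its own past tells you more than looking for the biggest talker on the network. The sketch below is an added example, not part of the original article; the log format, addresses, dates and thresholds are constructed for illustration, and real router exports vary by brand.

```python
import statistics
from collections import defaultdict

# Constructed sample: one line per device per day, "date ip bytes_sent".
# Real router exports differ by vendor; adapt parse_usage() to yours.
SAMPLE_LOG = """\
2016-12-01 192.168.1.10 850000000
2016-12-02 192.168.1.10 910000000
2016-12-03 192.168.1.10 780000000
2016-12-04 192.168.1.10 990000000
2016-12-01 192.168.1.23 2100000
2016-12-02 192.168.1.23 1900000
2016-12-03 192.168.1.23 2300000
2016-12-04 192.168.1.23 41000000
2016-12-04 192.168.1.40 5000000
this line is corrupt
"""

def parse_usage(text):
    """Return {ip: [(date, bytes_sent), ...]} sorted by date, skipping bad lines."""
    usage = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        usage[parts[1]].append((parts[0], int(parts[2])))
    return {ip: sorted(days) for ip, days in usage.items()}

def flag_unusual(usage, factor=3.0, min_history=3, floor=1_000_000):
    """Flag devices whose latest day exceeds factor x their own median."""
    flagged, unknown = [], []
    for ip, days in usage.items():
        *history, (date, latest) = days
        if len(history) < min_history:
            unknown.append(ip)          # new device: no baseline to compare
            continue
        # The floor keeps near-idle devices from tripping on tiny changes.
        baseline = max(statistics.median(b for _, b in history), floor)
        if latest > factor * baseline:
            flagged.append((ip, date, latest, round(latest / baseline, 1)))
    return sorted(flagged, key=lambda f: -f[3]), sorted(unknown)

if __name__ == "__main__":
    flagged, unknown = flag_unusual(parse_usage(SAMPLE_LOG))
    for ip, date, sent, ratio in flagged:
        print(f"{ip} sent {sent} bytes on {date}, {ratio}x its usual")
    print("no baseline yet:", ", ".join(unknown))
```

In the sample, the device at 192.168.1.23 is flagged even though it sent far less than the busy computer at 192.168.1.10, and the newly seen 192.168.1.40 is listed separately because it has no history to compare against.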
What if your devices are infected with malware?
Since these Internet of Things appliance infections reside only in temporary memory, the first thing you have to do is reboot the device to clear out the malware.
If you are checking your router, IP webcam or connected printer, it is important that you change the default administrator username and password. Do this by accessing the appliance's hub (usually through a webpage or a smartphone app). If your smart appliance connects via the manufacturer's website, make sure your password is complex and unique.
Next, check for firmware updates. Now, with these attacks out in the open, manufacturers will start issuing security patches to prevent such infections. It's important to keep your firmware always up to date. If your gadget does not automatically fetch firmware updates, make sure to manually check at least every three months.
How to secure your network
Botnets can consist of a collection of smart appliances found in people's homes. But securing your network begins with securing your router.
Here's a checklist of steps you need to take immediately:
- Check to see if your router is outdated or known to have security issues.
- Update your router's firmware.
- Change your router's password.
- For new routers, skip the EZ setup option.
Beyond that, you need to be smart with your web-connected devices. The steps it takes to secure these devices vary from product to product, so it's a good idea to reach out to each of the manufacturers.
The last thing - and we say this a lot, but that's because it's important - is to be careful of what you click on. Phishing emails are one of the top methods hackers use to infect devices with malware.