How hackers use thingbots to take over IoT devices
As we all move to increase our network connectivity and reap the benefits of IoT, hackers have introduced new threats to take advantage of IoT device vulnerabilities.
Automation, speed and convenience are all great benefits to the IoT revolution. But the other side of the coin is that cybercriminals have devised new ways to exploit those connected devices and turn them into platforms to wage global cyberwarfare.
It all started with the rise of botnets a few years ago. Botnets are networks of infected computers or devices that can be controlled remotely and used without the user’s knowledge to host malware and launch attacks against other systems.
Fast-forward a few years and now compromised IoT devices—including smart televisions and other household appliances—are now being leveraged to host global hacking and ransomware attacks against unsuspecting targets.
These weaponized IoT devices—also known as thingbots—have been used exponentially over the last few months. For example, in June 2016, one DDoS attack using compromised IoT devices hit up to 400 Gbps. Four months later, in October of the same year, another thingbot attack was approximately 200% larger than the June attack.
As one recent report on thingbots revealed: “IoT devices have been used for launching DDoS attacks, [but] they’re also being used by vigilante thingbots to take out vulnerable infrastructure before they are used in attacks, and to host banking Trojan infrastructure. IoT devices have also been used in hacktivism attacks and are the target of nation-state cyberwarfare attacks.”
Don't trust your TV
The types of IoT devices that have been used to spearhead these DDoS attacks have been DVRs, smart TVs and other smart appliances. Users had no idea that their IoT devices were being used to launch these attacks, but the effects to date have been devastating.
What’s more, the number of connected devices is expected to skyrocket over the next few years, with an estimated 25 billion devices connected to the internet by 2020.
Not only is this an opportunity for cybercriminals to expand the scope of their attacks, it’s also an incredible opportunity for IT security providers to recommend stronger measures to help keep those devices safe.
Wireless routers and modems are the primary target for thingbots, but so are network cameras and storage systems. Linux systems seem to be more vulnerable to attacks as hackers can leverage existing Linux malware and recompile to target specific architectures.
According to one recent report, thingbots gained access to devices primarily through devices where the Telnet default login credentials were left unchanged. Infections were also acquired through known device vulnerabilities that were exploited.
So far, DDoS attacks have been the most common use of thingbots, but analysts also say that “the current crop of IoT malware has not displayed a fraction of its potential yet. We know and expect that it will definitely increase in number, and it’s not a matter of if but how the malware will increase in sophistication.”
To keep your customers safe from thingbot attacks, you need to have a strong DDoS strategy in place and ensure redundancy for critical services. It’s also important to implement credential-stuffing solutions and—above all—continually educate your customers about the potential dangers of IoT devices and how to secure them.
Let the IT security professionals at Ingram Micro show you how to increase your expertise and do more than just sell security—excel.
Contact us today, Irma.Garcia@ingrammicro.com.