Hijacked IoT Devices Used for DDoS Attacks

Security firm Symantec recently released a report that found DDoS (Dedicated Denial of Service) attacks using IoT devices are rapidly increasing.

Hijacked IoT devices with malware commonly include web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Hackers create a botnet through a web of hijacked consumer IoT devices, allowing them to launch DDoS attacks with unprecedented amounts of bandwidth. In the case of the recent attack on popular security expert Brian Kreb’s website, PCWorld reported the server was bombarded with a flood of requests at an unheard of 620Gbps.

The compromised IoT devices are sometimes used to launch DDoS attacks against larger targets such as corporations. And it’s not just the manufacturers who are to blame. Symantec’s report found that users are not changing the default user name and password that come with their devices. The top user name and password combinations used in brute force attacks were root and admin and admin and root.

“The current IoT threat landscape shows that it does not require much to exploit an embedded device. While we have come across several malware variants exploiting device vulnerabilities – such as Shellshock or the flaw in Ubiquiti routers — the majority of the threats simply take advantage of weak built-in defenses and default password configurations in embedded devices,” Symantec said.

Symantec noted that with the rapid growth of IoT, increased processing power in devices may prompt hackers to change future tactics, “with attackers branching out into cryptocurrency mining, information stealing, and network reconnaissance.”

The report stated that 2015 was a record year for IoT-based DDoS attacks with over half originating from China. The United States, where 29 percent of these attacks originated, and Russia, where nine percent did, also ranked high on the list. Germany, The Netherlands, Vietnam, UK, France and Ukraine and South Korea rounded out the top 10.

Eight new malware families emerged in 2015, bringing the current total to 12. To stay protected, Symantec advises to what you’re buying, change the default username and password when you set up your device, and keep firmware up to date. Symantec also advises to use wired connections instead of wireless whenever possible, disable services you don’t need, and if you use WiFi, make sure your connection is properly secured with strong encryption.

Related:

How bad is IoT security? Very.