Sign up now
Australia Shopping Network. It's All About Shopping!
Categories

Posted: 2016-11-04 11:00:00

Hackers are launching massive denial of service attacks swamping major internet sites by using hijacked smart devices like smart TVs and security cameras.

SECURITY experts have warned of a new wave of attacks far greater than the one that crippled the ABS census server with hackers exploiting an army of infected smart devices in homes and businesses around the world.

While the distributed denial of service attack that cause the Censusfail meltdown by flooding it with traffic was so small it did not rate on international monitoring services, two major attacks in the past two weeks have been linked to an army of hijacked internet-connected devices including security cameras and digital video recorders that have been compromised with malware called the Mirai botnet.

A botnet is a “zombie army” of computers or smart devices that have been hacked so that they can be used without the owner’s knowledge to send spam messages, launch hacks on other systems or be used in denial of service attacks.

The new threat to emerge in the past fortnight is that hackers have been selling off access to hijacked smart devices. Computer security firms F-Secure and RSA warn that anyone willing to spend as little as $5000 could launch a massive DDOS attack.

Mikko Hypponen, chief research officer with security company F-Secure, called the internet of Things “a clear and present danger for the internet.”

Security experts believe the Mirai code was developed by Russian hackers, with a Russian-language message hidden in the code that translates to “I love chicken nuggets”.

Mirai takes over smart devices that have been set up with the default usernames and passwords.

A report by security firm Level 3 Threat Research Labs warns there are at least half a million smart devices that have been compromised by Mirai.

“With a rapidly increasing market for these devices and little attention being paid to security, the threat from these botnets is growing,” the report says.

Cyber security company Imperva Incapsula has identified Mirai-infected devices in 164 countries including Australia, with one in eight hijacked devices being in Vietnam.

At the recent Def Con conference in Las Vegas held in August, security experts identified 47 new vulnerabilities in 23 internet of Things devices from 21 manufacturers.

The range of vulnerabilities included smart locks that could be unlocked by a hacker, a thermostat which could be controlled remotely to overheat and a wheelchair which could have its safety features turned off and be remotely controlled by a malicious source.

In DDOS attack linked to the Mirai botnet on October 16, a French internet company was swamped with more than 2000 times the amount of traffic that crippled the Census server.

The following week the Mirai botnet was used to target cloud-based internet Performance Management company Dyn, which resulted in major sites including Twitter, PayPal, Amazon, Netflix and Airbnb were flooded with traffic making them inaccessible to millions of people in America.

Dyn chief strategy officer Kyle York called it “a sophisticated, highly distributed attack involving tens of millions of IP addresses”.

Computer security firm Flashpoint identified many of the devices involved in the attack were compromised digital video recorders and security cameras.

Security firm BullGuard, which makes a free scanner for people to test the vulnerability of the smart devices in their home, estimates that as many of 185 million smart devices in homes and offices could be vulnerable to exploitation with tools such as the Mirai botnet.

The Symantec Insecurity in the internet of Things (IoT) report last year warned hackers were targeting smart devices in the home as a weak link.

“It is just a matter of time until attackers find a way to profit from attacking IoT devices,” the report says.

“This may lead to connected toasters that mine cryptocurrencies (like bitcoin) or smart TVs that are held ransom by malware.

“Unfortunately, the current state of IoT security does not make it difficult for attackers to compromise these devices once they see the benefit of doing so.”

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above