advertisement
Facebook Instagram Linkedin Youtube Spotify
Search
Close this search box.
Facebook
X
LinkedIn
WhatsApp
Reddit

Smart home tech could be helping criminals disrupt internet services

  • Malware based on Mirai is being used to corral smart home tech, routers and more to execute DDOS attacks.
  • These attacks are advertised on the dark web for as little as $1 350 per month.
  • These attacks are largely executed using botnets made-up of compromised IoT devices.

Back in 2016 a new strain of malware was making headlines for all the wrong reasons. Dubbed Mirai, the malware was able to corral internet-connected cameras and routers into a massive botnet. This botnet was capable of executing massive distributed denial of service (DDoS) attacks one of which took out Netflix and Twitter for a few hours.

The way Mirai was able to spread so easily came down to the proliferation of internet-connected security cameras. Unfortunately, while these became popular, proper cybersecurity practices didn’t. This left Mirai with countless target devices using default usernames and passwords that it could infect and use to execute attacks.

While the creators of Mirai were found and eventually helped the FBI find other cybercriminals, the legacy of their creation lives on thanks to the release of Mirai’s source code. The creators released this source code and since then evolutions of the malware have appeared online.

Of late, Mirai has been popping up again and there is something of a competitive market forming among creators of malware designed to capture Internet of Things (IoT) devices.

Cybercriminals are, according Kaspersky, advertising DDoS attack services on dark web forums. In the first half of 2023, Kaspersky spotted 700 adverts for this sort of service. These services employ botnets to execute the attack.

“The primary method for infecting IoT devices continues to be through brute-forcing weak passwords, followed by exploiting vulnerabilities in network services. Brute-force attacks on devices are commonly directed at Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorised access by cracking passwords, allowing them to execute arbitrary commands and malware. Although SSH, a more secure protocol, is also susceptible, it presents a greater resource challenge for attackers,” explains Kaspersky.

The services range in price from $63.50 per day to $1 340 per month. A small price to pay to disrupt a host of internet services and potentially hold them to ransom.

For those of us at home though this could mean your router or internet camera which uses basic passwords, or even the default password which you can find online incredibly easily could form part of a botnet.

The trouble is that many people don’t change the password on their new smart camera or other new smart home tech. This is incredibly dangerous as aside from your tech being used to knock out internet services, it could be a route into your home.

A NAS connected to the internet for example could be compromised if not properly secured. From there a hacker could compromise a piece of IoT tech to gain access to your work notebook when you’re working from home.

While it’s easy to blame the user here, the fact is that technology is tricky and the average buyer isn’t going to consider themselves a target for cybercrime. The firms producing the technology, however, need to do better.

“Kaspersky urges vendors to prioritise cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities. In a nutshell, the IoT world is filled with cyber dangers, including DDoS attacks, ransomware, and security issues in both smart home and industrial devices. Kaspersky’s report stresses the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users,” says security expert at Kaspersky, Yaroslav Shmelev.

That point about patches to fix vulnerabilities is hugely important but it also needs to be easy. Even as somebody immersed in technology every day, I’d be lying if I said I regularly updated the firmware on my router, in fact, I’m not even sure the manufacturer still supports and provides updates for the router I use.

And this problem is only going to get worse as more connected fridges and smart cameras come online.

With so much of our economy, lives, and communication relying on the internet, we’d all do well to safeguard it against massive disruptions caused by DDoS attacks that use our smart air fryers.

[Image – Alan J. Hendry on Unsplash]

advertisement

About Author

More
Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.
advertisement

Related News

Cybercriminals prefer targeting online shoppers

How to check if that SMS job offer is real

Local scammers have started adding targets to WhatsApp groups

X gets a grave lesson on why search and replace is a bad idea

Did Apple warn you about targeted spyware? Take it seriously

Malware creators find innovative ways to steal your data

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.
© 2024. All rights reserved by HTXT.