You might be surprised to know that your security cameras,
Internet-connected toasters and refrigerators may have inadvertently
participated in the massive cyber attack that broke a large portion of the Internet on Friday.
That's due to massive Distributed Denial of Service (DDoS) attacks
against Dyn, a major domain name system (DNS) provider that many sites
and services use as their upstream DNS provider for turning
human-readable domain names into IP addresses.
The result we all know:
Twitter, GitHub, Amazon, Netflix, Pinterest, Etsy, Reddit, PayPal, and Airbnb were among hundreds of sites and services that were rendered inaccessible to millions of people worldwide for several hours.
Why and How the Deadliest DDoS Attack Happened
It was reported that Mirai bots were used in the massive DDoS
attacks against DynDNS, but they "were separate and distinct" bots from
those used to execute the record-breaking DDoS attack against French Internet service and hosting provider OVH.
Here's why: Initially, the source code of the Mirai malware was
limited to a small number of hackers who were aware of the underground
hacking forum where it was released.
But later, the link to the Mirai source code
suddenly received a huge promotion from thousands of media websites
after it got exclusively publicized by journalist Brian Krebs on his
personal blog.
Due to the worldwide news release and promotion, copycat hackers and
unprofessional hackers are now creating their own botnets by
hacking millions of smart devices to launch DDoS attacks, as well as to
make money by selling their botnets as a DDoS-for-hire service.
Mirai malware is designed to scan for Internet of Things
(IoT) devices – mostly routers, security cameras, DVRs or WebIP
cameras, Linux servers, and devices running Busybox – that are still
using their default passwords. It enslaves vast numbers of these devices
into a botnet, which is then used to launch DDoS attacks.
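A defender can spot the scanning behaviour described above from inside their own network. The following is an added example, not code from the article or from Mirai: it flags internal hosts that send connection attempts to Telnet on many distinct destinations. The Telnet ports (TCP 23 and 2323), the log format and the threshold are assumptions not stated in the article, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption (not in the article): Mirai's scanner probes Telnet on TCP 23 and 2323.
TELNET_PORTS = {23, 2323}
# Hypothetical threshold: distinct destinations before a source is flagged.
MIN_DISTINCT_TARGETS = 5

# Constructed sample in a made-up key=value firewall log format.
SAMPLE_LOG = """\
11:10:01 src=192.168.1.20 dst=203.0.113.5 dport=23 proto=tcp flags=S
11:10:01 src=192.168.1.20 dst=198.51.100.77 dport=23 proto=tcp flags=S
11:10:02 src=192.168.1.20 dst=203.0.113.9 dport=2323 proto=tcp flags=S
11:10:02 src=192.168.1.50 dst=192.168.1.1 dport=23 proto=tcp flags=S
11:10:02 src=192.168.1.20 dst=198.51.100.14 dport=23 proto=tcp flags=S
11:10:03 src=192.168.1.31 dst=203.0.113.80 dport=443 proto=tcp flags=S
11:10:03 src=192.168.1.20 dst=203.0.113.200 dport=23 proto=tcp flags=S
11:10:03 src=192.168.1.20 dst=203.0.113.5 dport=23 proto=tcp flags=S
11:10:04 garbled line without fields
11:10:04 src=192.168.1.20 dst=198.51.100.3 dport=23 proto=tcp flags=S
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) flags=(?P<flags>\w+)"
)


def find_telnet_scanners(log_text, min_targets=MIN_DISTINCT_TARGETS):
    """Map each source that sent TCP SYNs to Telnet ports on at least
    min_targets distinct destinations to its sorted destination list."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # ignore lines that do not match the format
        if m["proto"] != "tcp" or m["flags"] != "S":
            continue  # only new connection attempts count
        if int(m["dport"]) in TELNET_PORTS:
            targets[m["src"]].add(m["dst"])  # the set dedupes repeat probes
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for src, dsts in find_telnet_scanners(SAMPLE_LOG).items():
        print(f"{src}: Telnet SYNs to {len(dsts)} distinct hosts")
```

Counting distinct destinations rather than raw packets keeps a single administrative Telnet session (192.168.1.50 in the sample) from being flagged alongside the scanning device.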
Chinese Firm Admits Its Hacked DVRs and Cameras Were Behind Largest DDoS Attack
More such attacks are expected to happen and will not stop until IoT
manufacturers take the security of these Internet-connected devices
seriously.
One such IoT electronics manufacturer is Chinese firm Hangzhou Xiongmai
Technology, which admitted its products – DVRs and internet-connected
cameras – inadvertently played a role in Friday's massive cyber attack against DynDNS.
The Mirai malware can easily be removed from infected devices by
rebooting them, but the devices will end up infected again in a matter
of minutes if their owners and manufacturers do not take proper measures
to protect them.
What's worse? Some of these devices, which include connected devices from Xiongmai, cannot be protected because of hardcoded passwords and the fact that their makers implemented them in a way that means they cannot easily be updated.
"Mirai is a huge disaster for the Internet of Things," the company confirmed to IDG News. "[We] have to admit that our products also suffered from hacker's break-in and illegal use."
The company claimed to have rolled out patches for security
vulnerabilities involving weak default passwords, which allowed the
Mirai malware to infect its products and use them to launch the massive DDoS
attack against DynDNS.
However, Xiongmai products that are running older versions of the
firmware are still vulnerable. To tackle this issue, the company has
advised its customers to update their product's firmware and change
their default credentials.
The electronics components firm would also recall
some of its earlier products, specifically webcam models, sold in the
US and send customers a patch for products made before April last year,
Xiongmai said in a statement on its official microblog.
Hackers are selling IoT-based Botnet capable of 1 Tbps DDoS Attack
Even worse is expected:
Friday's DDoS attack that knocked down half of the Internet in the
U.S. is just the beginning, because hackers have started selling access
to a huge army of hacked IoT devices designed to launch attacks that are capable of severely disrupting any web service.
The seller claimed their botnet could generate 1 Terabit of traffic, which is almost equal to the world's largest DDoS attack against OVH earlier this month, Forbes reported.
Anyone could buy 50,000 bots for $4,600, and 100,000 bots for $7,500, which can be combined to overwhelm targets with data.
Hacker groups have long sold access to botnets as a DDoS weapon for hire – like the infamous Lizard Squad's DDoS attack tool Lizard Stresser
– but those botnets were largely composed of compromised vulnerable
routers, and not IoT devices like connected cameras, toasters, fridges
and kettles (which are now available in bulk).
In a separate disclosure, a hacking group calling itself New World Hackers has also claimed responsibility for Friday's DDoS attacks, though it is not confirmed yet.
New World Hackers is the same group that briefly knocked the BBC offline last year. The group claimed to be a hacktivist collective with members in China, Russia, and India.
Who is behind Friday's cyber attack is still unclear. The US
Department of Homeland Security (DHS) and the FBI are investigating the
DDoS attacks that hit DynDNS, but neither agency has yet speculated on who
might be behind them.
The DynDNS DDoS attack has already shown the danger of IoT-based botnets,
prompting both IoT manufacturers to start caring about implementing
security in their products and end users to start caring about the
basic safety of their connected devices.