A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006.

Over the last decade, reports have increasingly detailed the flaws and vulnerabilities that can plague insecure implementations of a set of networking protocols called Universal Plug and Play. But where these possibilities were largely academic before, Akamai found evidence that attackers are actively exploiting these weaknesses not to attack the devices themselves, but as a jumping off point for all sorts of malicious behavior, which could include DDoS attacks, malware distribution, spamming/phishing/account takeovers, click fraud, and credit card theft.
To pull that off, hackers are using UPnP weaknesses in commercial routers and other devices to reroute their traffic over and over again until it's nearly impossible to trace.
This creates elaborate "proxy" chains that cover an attacker's tracks, and create what Akamai calls "multi-purpose proxy botnets."

"We started talking about how many of these vulnerable devices are out there and what can they be leveraged for, because most people seem to have forgotten about this vulnerability," says Chad Seaman, a senior engineer on the security intelligence response team at Akamai. "As part of that we had to write some basic tools to find what was vulnerable. And some of these machines did have very abnormal [activity] on them. It was not something that we honestly expected to find and when we did it was kind of like 'uh oh.' So this theorized problem is actually being abused by somebody."
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Yes the problem is that companies focus mainly on the technical aspect of the digital transformation, but they are not very ready about the risks linked to it. Moving on to the connected machines also means to consider the danger that they will be compromised by hackers. Concerns that will be destined to increase in the coming years, when the factory will become hyper-connected and where the IoT devices will play an important role.
 
  • Like
Reactions: frogboy

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top