SecurityWeek

Cyber Attack Leverages Internet of Things

Researchers at Proofpoint have uncovered what could be the first significant attack using the ‘Internet of Things.’

According to Proofpoint, the attack leveraged 100,000 consumer gadgets ranging from televisions to home networking routers to at least one refrigerator. The attack occurred between Dec. 23, 2013, and Jan. 6, and typically involved bursts of emails three times a day. Roughly 25 percent came from devices that were not conventional laptops, desktop computers or mobile devices.

“Most gadgets don’t appear to have been infected by remote control software…in the traditional way personal computers are infected,” explained David Knight, general manager of Proofpoint’s Information Security Division. “Most seem to have simply been left open so existing software running on them can be used by attackers. Specifically, a vast number of the devices are running embedded Linux servers, usually BusyBox, some use mini-httpd, some Apache. Some are ARM devices, some are MIPS…others are based on an embedded Realtek chipset, e.g. media players. We believe some are game consoles.”

The common denominator, Knight said, is that many of the devices have open telnet, open SSH and an SMTP server, so the attacker does not need an actual exploit at all.

“There’s less infection or exploit involved by the attacker than simple ‘open or default user/pass login [and] configuration’, login and set up the existing emailer to send or relay malicious email,” he said. “It’s like someone installing a webserver and email server on a laptop, hooking it up to the internet, and leaving it on with no password or a default password… someone will come along and start using that webserver and email server.”

The targets of the emails included individuals and enterprises alike. According to Proofpoint, no more than 10 emails were sent from any single IP address, which made the attack difficult to block based on the source IP address. Origin IP addresses in the malicious emails were checked for spoofing, and the true origin IP addresses were then checked for open or default [username and password] FTP, telnet and HTTP access.
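The pattern Proofpoint describes (a campaign spread across many source IPs, no more than ten messages from any one of them, delivered in bursts at set times of day) is exactly what per-IP rate limits and reputation lists miss. The script below is an added example, not code from SecurityWeek or Proofpoint: it aggregates constructed SMTP gateway log lines by campaign and flags campaigns whose senders are spread thinly across many addresses. The log format, the `campaign_id` field (standing in for whatever key the gateway uses to cluster a campaign, such as a subject or URL hash), the IP addresses, and the thresholds are all assumptions made for the example.

```python
"""Flag spam campaigns relayed through many low-volume sources.

Added example (not from the article or Proofpoint). Log format, sample
values and thresholds are constructed assumptions for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime

MIN_DISTINCT_IPS = 5   # assumption: tune to the gateway's normal traffic
MAX_MSGS_PER_IP = 10   # the article: no more than 10 emails per source IP

# Constructed sample log: "<ISO timestamp> <client_ip> <campaign_id> <recipient>".
# camp-A is spread over six IPs, two messages at most each, in three bursts;
# camp-B is ordinary single-source spam and should NOT match this rule.
SAMPLE_LOG = """\
2013-12-24T08:02:11 203.0.113.5 camp-A a@example.com
2013-12-24T08:03:40 198.51.100.17 camp-A b@example.com
2013-12-24T08:05:02 203.0.113.5 camp-A c@example.com
2013-12-24T14:01:55 192.0.2.88 camp-A d@example.com
2013-12-24T14:04:19 198.51.100.42 camp-A e@example.com
2013-12-24T14:06:33 203.0.113.200 camp-A f@example.com
2013-12-24T20:00:48 192.0.2.150 camp-A g@example.com
2013-12-24T20:02:10 198.51.100.17 camp-A h@example.com
2013-12-24T20:07:59 203.0.113.200 camp-A i@example.com
2013-12-24T09:10:00 192.0.2.9 camp-B j@example.com
2013-12-24T09:11:00 192.0.2.9 camp-B k@example.com
2013-12-24T09:12:00 192.0.2.9 camp-B l@example.com
2013-12-24T09:13:00 192.0.2.9 camp-B m@example.com
2013-12-24T11:30:00 192.0.2.9 camp-B n@example.com
2013-12-24T11:31:00 192.0.2.9 camp-B o@example.com
2013-12-24T11:32:00 192.0.2.9 camp-B p@example.com
2013-12-24T11:33:00 192.0.2.9 camp-B q@example.com
"""


def parse_log(text):
    """Return a list of (timestamp, client_ip, campaign_id, recipient)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, campaign, rcpt = line.split()
        events.append((datetime.fromisoformat(ts), ip, campaign, rcpt))
    return events


def summarize(events):
    """Per campaign: message count per source IP and per hour of day."""
    per_campaign = defaultdict(lambda: {"per_ip": Counter(), "per_hour": Counter()})
    for ts, ip, campaign, _rcpt in events:
        per_campaign[campaign]["per_ip"][ip] += 1
        per_campaign[campaign]["per_hour"][ts.hour] += 1
    return per_campaign


def burst_hours(per_hour, top=3):
    """Hours of day carrying the most messages, ascending (ties by hour)."""
    ranked = sorted(per_hour.items(), key=lambda kv: (-kv[1], kv[0]))
    return sorted(hour for hour, _count in ranked[:top])


def flag_distributed(summary, min_ips=MIN_DISTINCT_IPS, max_per_ip=MAX_MSGS_PER_IP):
    """Campaigns with many sources that each stay under the per-IP ceiling.

    A single noisy source is left to ordinary per-IP rate limiting; this rule
    is specifically for the thin, wide distribution the article describes.
    """
    flagged = {}
    for campaign, s in summary.items():
        distinct = len(s["per_ip"])
        peak = max(s["per_ip"].values())
        if distinct >= min_ips and peak <= max_per_ip:
            flagged[campaign] = {
                "distinct_ips": distinct,
                "max_per_ip": peak,
                "total": sum(s["per_ip"].values()),
                "burst_hours": burst_hours(s["per_hour"]),
            }
    return flagged


if __name__ == "__main__":
    for name, info in flag_distributed(summarize(parse_log(SAMPLE_LOG))).items():
        print(f"{name}: {info['total']} msgs from {info['distinct_ips']} IPs "
              f"(max {info['max_per_ip']} per IP), bursts at hours {info['burst_hours']}")
```

Run against the constructed log, only `camp-A` is reported: nine messages from six IPs, two at most per IP, bursting at 08:00, 14:00 and 20:00. Keying the block on the campaign rather than the source IP is the point; the individual relays look like legitimate low-volume senders, which is precisely why they were hard to block.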

“The results spoke for themselves when the IPs responded with explicit identification, including well-known, often graphically branded… interfaces, file structures, and content such as firmware update files on FTP ports,” Knight said.

“The challenge of an open computer running a well-known Linux operating system, webserver, and email server is that it can be repurposed to do many things,” he said. “We saw it sending spam and malicious email…but the attacker with access to these devices could equally well use the devices for DDoS attacks (flooding websites with traffic, so that they crash), or bitcoin mining, or as repositories for stolen intellectual property or software, or… the list goes on. It’s a free online computer with storage space. Its uses are infinite.”

John Pescatore, director of emerging trends at SANS Institute, told SecurityWeek that the security realities facing consumer smart devices are not unlike those that existed for WiFi when it first became popular and home access points were often left unsecured.

“The industry got behind first WEP, then WPA, and now it is much more common to find the majority of access points secured and the out of the box instructions emphasizing security,” Pescatore said. “The same needs to happen with all those consumer items – raise the out of the box security level just enough to make it take conscious action to open up the easy attack paths.”
