The IoT Boomerang Effect

Over 6 Billion devices currently make up the ever-growing network known as the IoT. It’s  predicted that by 2020, IoT devices will grow to over 26 billion, constituting an exponential growth in just three years’ time. While this vast network of interconnectivity certainly makes our lives easier in the personal, public and business spheres, we are already witnessing a tremendous IoT boomerang effect. Let’s look at how cybercriminals are already taking advantage of this mass interconnectivity to strike at business (small and large) and even governmental installations.     

IoT Attacks are International

In November 2016, cybercriminals took advantage of IoT devices to attack five major Russian banks. The hackers succeeded in harnessing nearly 24,000 computer systems and IoT devices from thirty different countries to launch DDoS attacks against various banks and the Moscow Exchange. While the attacks failed to interrupt, or bring down the systems, Kaspersky Lab, noted that requests were sent at a rate of 600,000 per second. This was not the first time that these banks were targeted. Stanislav Kuznetsov, a senior executive at Sberbank, admitted that his bank had been targeted 68 times since the start of 2016, but this last attack was the largest. While it is not yet certain, these latest attacks might have been political in nature and organized by a DDos-for-hire-service, as revenge over alleged Russian hacking, which many believed interfered with the US elections. Politics and crime can certainly make strange bedfellows.

The Russian Banks attack was nothing compared to what happened against Dyn in October of 2016. Cybercriminals successfully marshaled over 100,000 IoT devices, including cell phones, printers and security cameras and more to organize what Dyn referred to as complex and sophisticated attack. Internet access was disrupted to millions of users for a number of hours, as hackers launched two separate attacks in succession. The DDoS penetrated platforms in the Asia Pacific, South America, Eastern Europe, and western United States regions, which was exasperated by millions of retries. The retries made it difficult for the company to differentiate enemy and friendly users making it harder to stop the attack.  

IoT October attacks also occurred in Asia against Singapore telco StarHub, which also interrupted internet service for two days on October 22nd and 24th. In the case of StarHub, the DDoS came through their own customers’ hacked machines, turning them into bug-infested zombies that succeeded in overwhelming the system. While not confirming the number of compromised IPs or devices, StarHub CTO Mock Pak Lum reported that hacked devices used in the attack included broadband routers and webcams, which caused a spike in web traffic. As part of the initial response, telco has begun implementing source tracing, traffic filtering and upped DNS by 400%. The company has also begun working in close cooperation with the CSA to share information and learn from the investigation.

The Impact of IoT device breaches on Small to Medium Businesses

Hackers don’t always think big, and while the press headlines cover extensively the mighty hack successes, the equivalent of a Hollywood production, many many smaller hacks go unreported. It’s not only the big brand names that are really at risk. Small to Medium businesses are a prosperous feeding ground for hungry hackers. They are also the companies less likely to invest in cybersecurity, believing that they are ‘unattractive’.

For example,  we have always known the CCTV cameras could be trusted to guard over our shops, businesses and homes. However, CCTVs are also part of the IoT and thus subjected to the same dangers as all other devices. In June 2016, Sucuri discovered that a small jewelry shop had been subjected to over 30,000 HTTP requests, involving a botnet of over 25,000 CCTV cameras from around the world. When Sucri tried to counter attack, the botnet increased the HTTP requests to 50,000 per second, completely inundating the jewelry website. While they are not yet certain how 25,0000 CCTVs from 25,513 unique IP addresses worldwide were hacked, and mobilized to attack within hours, there may have been a common security hole in the DVR boxes. Until now, CCTVs have not been particularly high on the priority list for most security admins, surely now they will pay closer attention.

Aside from using CCTVs to create a botnet army, it should be also remembered that without the right security settings any CCTV can be hacked and streamed anywhere. There is even a website that allows visitors to pick from thousands of locations worldwide and watch unsuspecting people. While this website has created rules of what they allow to show to protect some privacy, you do not want to take the chance that your business operation could be compromised by an infiltrator.

Visit Cyberint to learn what your business can do to fend off cybercrime.