2 min read

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Silviu STAHIE

October 22, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

The idea that our IoT devices might present an attractive target may seem ridiculous. What could attackers achieve by compromising my vacuum cleaner or my smart TV? Well, it turns out that simple access to those devices is a coveted prize.

Whether we're aware or not, our homes have become smart hubs filled with intelligent devices. We have smart TVs (some with really powerful hardware), vacuums, washing machines, speakers, personal assistants, streaming devices, surveillance cameras, network-attached devices (NAS), smartphones and PCs. And that only scratches the surface of what people have inside their homes.

Any of these devices might have vulnerabilities that would allow attackers to take control or at least compromise them. While we can't compare a compromised PC with a compromised washing machine, it doesn't mean that laundry appliance holds no interest.

The value of IoT devices

Each IoT device we bring into our home serves a particular purpose. With a few exceptions, such as NAS or a PC, most of them don't have powerful hardware, and they usually run proprietary operating systems. But all these devices share one thing: they are connected to the internet, and that connection makes them extremely valuable.

Sure enough, some criminals will go after a PC or NAS to steal data, launch attacks in the same network or block access by deploying ransomware. There's no ransomware designed to hijack a smart TV or vacuum cleaner, but manufacturers still issue security patches and close potential vulnerabilities because they know the potential impact a compromised device can have.

DDoS as a business

One of the multiple illicit businesses that appeared in the past few years is DDoS (distributed denial of service) as a product. Basically, criminals offer to organize DDoS attacks for anyone willing to purchase the service. Indicate the target, pay the price, and sit back. Technical knowledge is not required. Recently, the Dutch Police sent a warning message to people who used such illegal services.

In many situations, the backbone of these DDoS networks is made up almost entirely of compromised IoT devices that now have a new purpose: to flood the criminals' targets with requests via the internet. The device's hardware capabilities are of little importance as long as attackers can make it to interrogate any target of choice.

Any IoT user must remember to check on hardware present in the house, see if any security patches are awaiting installation, change the default passwords, and close ports and services that aren't used, like SSH. Of course, having an intelligent router or using the services of an ISP that both integrate Bitdefender's IoT Security Platform is also a good idea as it can block vulnerability exploits and disable compromised IoT devices in the network without affecting any of the rest.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

2.2 Million Patients Affected by Data Breach in Pediatric Software Vendor 2.2 Million Patients Affected by Data Breach in Pediatric Software Vendor
Silviu STAHIE

December 07, 2022

1 min read
Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read