Four Million Plug and Play Devices Become Potential Tools in DDoS Attacks
Millions of home and office devices, including routers, media servers, webcams, smart TVs and printers are vulnerable and can be used to launch large-scale denial-of-service attacks, according to an advisory by cloud provider Akamai.
“The rise of reflection attacks involving UPnP devices is an example of how fluid and dynamic the DDoS crime ecosystem can be”, Akamai says.
Since July 2014, Akamai's Prolexic Security Engineering & Response Team (PLXsert) found 4.1 million Internet-connected Universal Plug and Play (UPnP) devices that are potentially vulnerable to being used in reflection and amplification DDoS attacks through the abuse of the Simple Service Discovery Protocol (SSDP) – that is about 38 per cent of the 11 million devices in use worldwide.
The SSDP protocol is part of the UPnP standard and comes enabled in millions of devices, allowing them to find and communicate with each other on a network for data sharing, entertainment and other functions. To send messages to and from UPnP devices, networks rely on the Simple Object Access Protocol (SOAP).
To launch a UPnP attack, attackers misuse the SSDP and SOAP protocols to send spoofed control packets and artificially amplify traffic, which can be redirected to disrupt the services of a specific target, such as a website. By using thousands of devices, attackers can flood a network with data, Akamai said.
Akamai identified two scripts used by attackers – one used to find UPnP-enabled devices and the other to perform the actual reflection attack.
Attacks have been aimed at a variety of industries, including entertainment, payment processing, education, and media and hosting, according to the report. South Korea has the largest number of vulnerable UPnP devices, followed by the US, Canada, China, Argentina and Japan.
Mitigation is complicated because of the large number of devices and their geographical spread. The company recommends that vendors and ISPs take better patch and management actions to make sure misconfigured devices don't end up in users' homes. They also advise blocking source port 1900 to prevent unnecessary bandwidth loads as a preventative measure.
“It is necessary, however, to address the problem from the root causes: vulnerabilities inherent in the UPnP protocol and the difficulty of upgrading, patching and managing these devices once they are deployed and facing the Internet”, the company concluded. “Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat”.
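The advisory's mitigation advice centres on UDP source port 1900, the port SSDP replies come from. As an added example (not part of Akamai's advisory or of this article), the following Python code reads flow records and reports both sides of the problem a network operator cares about: internal hosts receiving SSDP replies from many external sources, and internal devices sending SSDP replies to external addresses. The flow-record layout, the `INTERNAL` range and the `min_sources` threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900
# Assumption: the network we defend (documentation range used as a stand-in).
INTERNAL = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample records: proto src_ip src_port dst_ip dst_port bytes
SAMPLE_FLOWS = """\
udp 198.51.100.7 1900 192.0.2.10 40112 3100
udp 198.51.100.8 1900 192.0.2.10 40112 2900
udp 203.0.113.5 1900 192.0.2.10 40112 3300
udp 203.0.113.9 1900 192.0.2.20 51000 300
udp 192.0.2.50 1900 203.0.113.77 80 2800
udp 192.0.2.50 1900 192.0.2.51 50000 400
tcp 198.51.100.7 443 192.0.2.10 51515 1200
this line is malformed
"""

def parse(text):
    """Yield typed flow tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            yield (parts[0].lower(), ipaddress.ip_address(parts[1]), int(parts[2]),
                   ipaddress.ip_address(parts[3]), int(parts[4]), int(parts[5]))
        except ValueError:
            continue

def analyze(text, min_sources=3):
    """Return (flooded_hosts, exposed_devices) for UDP traffic sourced from port 1900."""
    inbound = defaultdict(lambda: [set(), 0])   # internal dst -> [external sources, bytes]
    outbound = defaultdict(int)                 # internal src -> bytes sent to external dsts
    for proto, src, sport, dst, _dport, nbytes in parse(text):
        if proto != "udp" or sport != SSDP_PORT:
            continue
        if dst in INTERNAL and src not in INTERNAL:
            inbound[dst][0].add(src)
            inbound[dst][1] += nbytes
        elif src in INTERNAL and dst not in INTERNAL:
            # A LAN device answering SSDP across the border is Internet-exposed.
            outbound[src] += nbytes
    flooded = {str(d): (len(s), b) for d, (s, b) in inbound.items()
               if len(s) >= min_sources}
    return flooded, {str(d): b for d, b in outbound.items()}

if __name__ == "__main__":
    print(analyze(SAMPLE_FLOWS))
```

LAN-only SSDP discovery (internal to internal) is deliberately ignored, since it is normal UPnP behaviour and not a sign of exposure.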