Four Million Plug and Play Devices Become Potential Tools in DDoS Attacks

Alexandra GHEORGHE

October 16, 2014

Millions of home and office devices, including routers, media servers, webcams, smart TVs and printers, are vulnerable and can be used to launch large-scale denial-of-service attacks, according to an advisory by cloud provider Akamai.

“The rise of reflection attacks involving UPnP devices is an example of how fluid and dynamic the DDoS crime ecosystem can be”, Akamai says.

Since July 2014, Akamai's Prolexic Security Engineering & Response Team (PLXsert) has found 4.1 million Internet-connected Universal Plug and Play (UPnP) devices that are potentially vulnerable to being used in reflection and amplification DDoS attacks through the abuse of the Simple Service Discovery Protocol (SSDP). That is about 38 per cent of the 11 million devices in use worldwide.

The SSDP protocol is part of the UPnP standard and comes enabled in millions of devices, allowing them to find and communicate with each other on a network for data sharing, entertainment and other functions. To send messages to and from UPnP devices, networks rely on the Simple Object Access Protocol (SOAP).

To launch a UPnP attack, attackers misuse the SSDP and SOAP protocols to send spoofed control packets and artificially amplify traffic, which can be redirected to disrupt the services of a specific target, such as a website. By using thousands of devices, attackers can flood a network with data, Akamai said.

Akamai identified two scripts used by attackers – one used to find UPnP-enabled devices and the other to perform the actual reflection attack.

Attacks have been aimed at a variety of industries, including entertainment, payment processing, education, and media and hosting, according to the report. South Korea has the largest number of vulnerable UPnP devices, followed by the US, Canada, China, Argentina and Japan.

Mitigation is complicated because of the large number of devices and their geographical spread. The company recommends that vendors and ISPs take better patch and management actions to make sure misconfigured devices don't end up in users' homes. They also advise blocking source port 1900 to prevent unnecessary bandwidth loads as a preventative measure.
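As an added illustration (not code from Akamai's advisory or from this article), the following Python example shows how a defender could spot the reflected traffic that the port 1900 advice targets: UDP packets arriving with source port 1900 from many distinct senders. The flow records, their field layout and the thresholds are constructed assumptions.

```python
from collections import defaultdict

SSDP_PORT = 1900  # UDP port the article advises blocking as a source port

# Constructed sample flow records (documentation address ranges, RFC 5737):
# (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.1", 1900, "203.0.113.10", 80, "udp", 3000),
    ("198.51.100.1", 1900, "203.0.113.10", 80, "udp", 3000),
    ("198.51.100.2", 1900, "203.0.113.10", 80, "udp", 3200),
    ("198.51.100.3", 1900, "203.0.113.10", 443, "udp", 2800),
    ("198.51.100.4", 1900, "203.0.113.10", 80, "udp", 3000),
    ("192.0.2.53", 53, "203.0.113.10", 40000, "udp", 120),     # DNS reply, ignored
    ("198.51.100.9", 1900, "203.0.113.20", 5000, "udp", 400),  # lone sender, below threshold
    ("192.0.2.7", 1900, "203.0.113.10", 443, "tcp", 900),      # TCP, not SSDP
]


def find_ssdp_reflection_targets(flows, min_sources=3, min_bytes=1000):
    """Return {dst_ip: (distinct_senders, total_bytes)} for hosts that receive
    UDP traffic with source port 1900 from many distinct senders.

    The thresholds are illustrative assumptions; tune them to the network.
    """
    senders = defaultdict(set)
    volume = defaultdict(int)
    for src_ip, src_port, dst_ip, _dst_port, proto, nbytes in flows:
        if proto != "udp" or src_port != SSDP_PORT:
            continue
        senders[dst_ip].add(src_ip)
        volume[dst_ip] += nbytes
    return {
        dst: (len(srcs), volume[dst])
        for dst, srcs in senders.items()
        if len(srcs) >= min_sources and volume[dst] >= min_bytes
    }


if __name__ == "__main__":
    for dst, (count, total) in find_ssdp_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{dst}: {count} senders on UDP source port {SSDP_PORT}, {total} bytes")
```

Hosts flagged this way are candidates for an upstream filter on UDP source port 1900, since SSDP is a local-network discovery protocol and its replies have no reason to arrive from the Internet.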

“It is necessary, however, to address the problem from the root causes: vulnerabilities inherent in the UPnP protocol and the difficulty of upgrading, patching and managing these devices once they are deployed and facing the Internet”, the company concluded. “Action from firmware, application and hardware vendors must occur in order to mitigate and manage this threat”.
