DDoS Attackers Exploited Insecure IoT Gadgets From Chinese Company

...

A Chinese electronics manufacturer admitted that its products inadvertently contributed to last week's massive cyberattack that knocked popular Web services offline.

On Friday, a number of major sites—Twitter, Etsy, GitHub, SoundCloud, Spotify, Shopify—experienced outages as the result of a DDoS attack on DNS provider Dyn. One big part of the problem: the Mirai botnet, which scours the Web for poorly protected IoT-connected devices and enlists them to overwhelm a target with online traffic, causing an outage.

"We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack," Dyn said in a statement.

In this case, a Mirai-based botnet latched onto hacked DVRs and IT cameras made by Hangzhou Xiongmai Technology, which used weak factory-default usernames and passwords to safeguard its products.

"Mirai is a huge disaster for the Internet of Things," the Chinese firm told Computerworld. "[We] have to admit that our products also suffered from hackers' break-in and illegal use."

Xiongmai patched its flaws in September 2015, the company told Computerworld. Its devices now ask customers to change the default password upon first use, but products running older versions of the firmware remain vulnerable. As a result, they should update and change the default username and password. Folks can also disconnect the gadget from the Internet altogether.

Xiongmai Technology did not immediately respond to a request for comment.

Friday's disruption "globally might be the beginning of a new era of Internet attacks conducted via 'smart' things," Chester Wisniewski, principal research scientist from Sophos, said in a statement. "Clearly they aren't as smart as we think, if they can be so easily commandeered by random deviants from the Internet to impact major services like Twitter, Reddit, and Spotify.

"There are [tens] of millions more insecure 'smart' things that could cause incredible disruptions, if harnessed," Wisniewski added.

DDoS attacks skyrocketed in 2015, and don't show any sign of slowing down. Security researcher Brian Krebs last month became the latest high-profile victim when his website suffered "a historically large" raid, which he claimed was revenge for exposing two hackers who provided DDoS services. Now that the source code behind the raid has been released online, Krebs suggested "the Internet will soon be flooded with attacks."

Categories
GAMES
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Weekly Rewind: WWDC rumors, Tesla’s new doors, and ‘swarm’ intelligence

    Apple’s WWDC 2016 is coming — here’s everything you need to know Are you wondering when Apple will hold its Worldwide Developer Conference (WWDC)?The virtual assistant used to answer coyly when you asked her about WWDC, pretending that she knew as little about Apple’s plans as your average Joe.
  • 5300c769af79e

    4 Trends In 2017 That Every Developer Needs To Understand

    Developers need to be ready for the opportunities that quantum computing, big data, and mixed reality might bring to all computing sectors, including commercial computing, in 2017.Artificial intelligence, virtual reality, and quantum computing teeter on the brink of mainstream.
  • 5300c769af79e

    8 Productivity Tools Road Warriors Need

    Life on the road means freedom and travel, but also the need for a solid arsenal of apps, power packs, mobile hotspots and other items to keep you productive.This is why we've included portable external chargers for both notebooks and smaller mobile devices in our roundup.
  • 5300c769af79e

    OnePlus 5 Specs (Official)

    The OnePlus 5 has now been officially revealed and so we now have the official specs list.It’s pretty loaded, that’s for sure, but that means it has a price tag to match.