14 DAY TRIAL // A massive global cyberattack that involved over 750,000 malicious emails is said to have relied on more than 100,000 consumer electronic devices, including at least one smart refrigerator.
We keep hearing about the security risks associated with the fact that more and more household appliances are connected to the Internet. Researchers from security-as-a-service provider Proofpoint have analyzed what can be called an Internet of Things cyberattack.
Among the 100,000 devices abused in the massive spam campaign, experts have identified multimedia centers, smart TVs, and routers. However, the most interesting appliance leveraged by the cybercriminals has been a smart fridge.
So it was only one fridge. It might not sound like such a big deal, but in the future, it could become one. Currently, only a small number of people have smart houses. However, in the (near) future, everyone will be posting messages on Twitter from their smart fridges, which is why the security of these devices should not be ignored.
“The ‘Internet of Things’ holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cybercriminals who can use our homes' routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks,” explained Michael Osterman, principal analyst at Osterman Research.
“Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won't work to solve the problem,” he added.
The attack analyzed by Proofpoint was launched between December 23, 2013 and January 6, 2014. During this period, around 100,000 malicious emails were sent out each day, aimed at both individuals and organizations.
Of course, the spam run didn’t rely only on smart consumer gadgets such as TVs, multimedia centers, routers and the smart fridge. However, such devices contributed with over 25% of the total spam volume.
Because such a large number of devices were used, it was enough for each of them to send out up to 10 spam emails. This made it difficult to block the attack.
Another aspect highlighted by researchers is the fact that many of the devices were exposed on public networks due to misconfiguration and default passwords. The attackers didn’t use any sophisticated exploits to hijack them.
“Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse,” noted David Knight, general manager of Proofpoint's Information Security division.
“Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them.”