The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

7/27/2017


Vulnerable IoT Devices around the World Used to Carry out DDoS Attacks

 

A British man admitted in court this week that he carried out a cyber attack on Deutsche Telekom last year. He claimed that he was paid $10,000 by a competitor of the telecom company to do the job.

In November last year, Deutsche Telekom publicly acknowledged that internet access of its nearly 1 million customers was disrupted as a result of a cyber attack. “We saw attacks from the Mirai botnet that targeted customer routers globally,” Thomas Tschersich, head of IT security at Deutsche Telekom, said in a video message posted on Twitter. “The attack led to the devices crashing.”

DDoS, IoT and Botnets Explained

Distributed denial-of-service (DDoS) attacks are one of the most significant cyber threats to businesses today. In a DDoS attack, a cyber criminal infects hundreds of thousands of computers or Internet of Things (IoT) devices with malicious software and turns them, without the knowledge of their owners, into a “botnet”, also known as a “zombie army”, that’s capable of launching powerful DDoS attacks against a particular website or email.
 
The attack is “distributed”, according to the CISA, because the attacker is using multiple computers to launch the denial of service attack.

Vulnerability of IoT Devices

IoT devices, which include webcams, routers, CCTV cameras and smart TVs, are emerging devices that are connected to one another via the internet. “IoT devices are particularly susceptible to malware, so protecting these devices and connected hardware is critical to protect systems and networks,” US-CERT said.
 
According to Symantec, IoT devices are being targeted due to the following reasons:

1. Poor Security
Many of today’s IoT devices use default usernames and default passwords, making it easy for cyber criminals to infect the device with malware. In addition, Universal Plug and Play (UPnP), a feature that opens a port on a router so that a device is accessible from the internet, makes the device an easy target for cyber criminals.
 
2. Processing Power Limitations
Many IoT devices use basic operating systems. This means that a lot of these devices don’t have advanced security features. Most of these devices are simply plugged in and owners don’t bother to apply security updates.

IoT Botnets: Zombie Armies of Cyber Criminals

​Cisco, in its 2017 midyear cyber security report, cited 3 common features of IoT botnets:

1. Fast and Easy Setup
The setup can be completed within an hour.
 
2. Rapid Distribution
Cyber criminals can have a botnet of more than 100,000 infected IoT devices in just 24 hours. This rapid distribution results in exponential growth in the size of the botnet.
 
3. Low Detection Rate
It’s hard to get samples of an IoT botnet because the malicious code lives only in the device’s memory. Once the infected device is restarted, the malware is wiped out.

Mirai Botnet

In late 2016, IoT devices were used by the Mirai botnet to carry out crippling DDoS attacks.
 
In September 2016, the Mirai botnet was used to carry out a DDoS attack, 665 Gbps in size, on the website of cyber security blogger Brian Krebs. In the same month, shortly after the attack on Krebs’ website, Mirai was used to attack the web hosting operation of the French company OVH at a bigger attack size of 1-TBps. On September 30, 2016, the attacker known as “Anna-senpai” publicly released the source code of Mirai.
 
In October last year, Mirai waged its biggest attack on DynDNS – a DNS provider that’s used by a number of major websites. The DDoS attack on DynDNS caused an outage on hundreds of popular websites including PayPal, Twitter and Spotify.
 
“We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet,” DynDNS said in a statement. “We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
 
In November last year, Mirai once again tried to infect IoT devices, this time the routers of Deutsche Telekom. The telecom company said that internet access of over 900,000 customers – out of its 20 million customers – was disrupted.
 
“The attack attempted to infect routers with a malware [Mirai] but failed which caused crashes or restrictions for four to five percent of all routers,” the telecom company said. “This led to a restricted use of Deutsche Telekom services for affected customers.”
 
According to Cisco, Mirai works by connecting to an IoT device using over 60 factory default usernames and passwords. Once the device is infected, it locks itself against additional botnets. The malware then sends the compromised IP and credentials to a centralized ScanListen service. The infected device then helps harvest new bots, producing a self-replicating pattern.
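
Because the malware lives only in memory, the self-replicating pattern described above is easier to catch on the network than on the device. The following is an added example, not code from the original post or from Cisco: it flags IoT devices that contact an unusual number of distinct external hosts on Telnet within a short window. The subnet, the Telnet ports (23 and 2323, as probed by Mirai's released scanner), the thresholds and the flow records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): the IoT subnet, Telnet ports 23/2323 as
# the ports probed by Mirai's released scanner, and the tuning values below.
IOT_NET = ip_network("192.168.1.0/24")
TELNET_PORTS = {23, 2323}
WINDOW = timedelta(minutes=5)
MAX_DISTINCT_DESTS = 20

def sample_flows():
    """Constructed flow records: 'timestamp src_ip dst_ip dst_port'."""
    base = datetime(2017, 7, 27, 12, 0, 0)
    lines = []
    for i in range(40):  # camera probing 40 external hosts in under 2 minutes
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        port = 2323 if i % 10 == 0 else 23
        lines.append(f"{ts} 192.168.1.50 203.0.113.{i + 1} {port}")
    # DVR with one Telnet session and ordinary HTTPS traffic
    lines.append(f"{base.isoformat()} 192.168.1.60 198.51.100.7 23")
    lines.append(f"{base.isoformat()} 192.168.1.60 198.51.100.8 443")
    return lines

def find_scanners(lines, window=WINDOW, threshold=MAX_DISTINCT_DESTS):
    """Map flagged IoT sources to their peak distinct external Telnet targets."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, port = line.split()
        if (int(port) in TELNET_PORTS and ip_address(src) in IOT_NET
                and ip_address(dst) not in IOT_NET):
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, in_window, peak = 0, defaultdict(int), 0
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:  # expire flows older than window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > threshold:
            flagged[src] = peak
    return flagged
```

Calling `find_scanners(sample_flows())` flags only the camera at 192.168.1.50; a flagged device should be isolated, restarted to clear the in-memory malware, and given non-default credentials before it is reconnected.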
 
According to Imperva Incapsula, unique IP addresses which hosted Mirai-infected devices were mostly CCTV cameras. Other Mirai-compromised IoT devices included DVRs and routers. Incapsula added that IP addresses of Mirai-infected devices were seen in 164 countries, appearing even in remote locations such as Somalia, Tajikistan and Montenegro.

DDoS against Small Businesses

DDoS attacks aren’t limited to big companies. Sucuri reported on a DDoS attack that went on for days against the website of a small brick-and-mortar company. Similar to Mirai, the attacker used infected CCTV cameras to launch a DDoS attack on the site of this small company. According to Sucuri, the attacker used compromised CCTV cameras from 105 countries.

How to Prevent the Spread of IoT Botnets  

“With over a quarter billion CCTV cameras around the world alone, as well as the continued growth of other IoT devices, basic security practices … should become the new norm,” Imperva Incapsula said.
 
Basic security practices to prevent the spread of IoT botnets include:
  • Research security features of an IoT device before purchase
  • Conduct an audit of IoT devices used by your business
  • Stop using default or generic usernames and passwords
  • Disable all remote access to your IoT devices
  • Disable Universal Plug and Play (UPnP) on routers
  • Use wired connections instead of wireless connections as much as possible
  • Regularly check the manufacturer’s website for security updates 

Your business must be protected against DDoS attacks. We offer a simple solution that can be deployed without the need to purchase software or hardware. In fact, your websites and web applications can be protected in 10 minutes. Call us today for more information or visit the solution page.
    Author

    Steve E. Driz, I.S.P., ITCP
