Forget hacked toothbrushes, worry about the rise in real DDoS attacks
While toothbrush botnets have dominated the news this week, the real threat from firmware attacks continues and you would be foolish to ignore it. The attackers certainly aren’t.
A somewhat ridiculous story about three million hacked toothbrushes being used in a DDoS attack against an unnamed Swiss organisation went viral this week. The original newspaper report, in German, included comments from a Fortinet engineer regarding IoT devices being compromised as an example of firmware attacks.
As I reported for Forbes, the whole thing was likely a case of misinterpreted information with the facts getting lost in translation; this was confirmed in a statement by Fortinet today. But you can wipe the smile off your face as the danger of firmware compromise and botnet attacks cannot be simply brushed aside. Did you see what I did there?
DDoS attacks a genuine threat
Take the latest threat intelligence report from Netscout, for example. This reveals an increase in DDoS attacks of 30% from 2022 to 2023, with targets ranging from enterprise to government in nature. This is hardly surprising when there has been such a surge in the number of IoT devices, both in businesses and public services.
“These devices often have poor security, so cyber criminals can easily compromise them with botnet malware and use them to remotely launch a range of cyberattacks including DDoS attacks,” points out Christopher Conrad, a senior threat intelligence analyst at Netscout.
Such devices remain, largely, designed for convenience. Any nod to security is an afterthought at best or left up to the end user to bolt on. “Several IoT devices do not auto-update,” Conrad explains, “so old vulnerabilities stay in place for longer than they should. Having limited built-in security makes them vulnerable to attacks like botnet recruitment.”
Jake Moore, the global cybersecurity advisor at Eset, calls IoT devices a hacker’s playground. “The massive growth in IoT devices placed in the home and office is the perfect opportunity to create mayhem among users and businesses alike in the form of simple DDoS attacks,” he says.
State-backed attacks on vulnerable devices
However, it should be pointed out that DDoS is not the only cyber-fruit. Nation-state-backed groups also look to attack vulnerable devices, be they at an organisation or an employee’s home, as a route to further compromise.
Recently, the FBI shut down a China-backed group that had been attacking routers in order to compromise US-based critical national infrastructure.
“Updating firmware is inherently even harder than updating software,” Roger Grimes, data-driven defence evangelist at KnowBe4, says.
“Most people have no clue what the patch status is on those devices, or any devices, running updatable firmware in their environments,” Grimes continues, concluding that “it’s no wonder Chinese hackers and many others specifically target devices running firmware. They are likely to find plenty of vulnerable targets and the people using them are very, very unlikely to notice that they’ve been compromised.”