It has finally started, cyber attacks involving smart appliances such as televisions and refrigerators. Proofpoint, Inc. a leading security-as-a-service provider, has uncovered what may be the first proven Internet of Things (IoT)-based cyber attack involving conventional household “smart” appliances. The global attack campaign involved more than 750,000 malicious email communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks.
The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious emails, typically sent in bursts of 100,000, three times per day, targeting companies and individuals worldwide.
It is speculated that malware that allowed spam to be sent from smart appliances could simply occur due to homeowners using default device passwords that left them exposed. Plus, once the infection occurs, the consumer has virtually no way to detect or fix the problem.
According to Michael Osterman, principal analyst at Osterman Research, “The ‘Internet of Things’ holds great promise for … cybercriminals who can use our homes’ routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks.” Such devices “represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem.” … Well, isn’t that just great?
The primary source for this blog posting is a press release from Proofpoint, dated January 16, 2014, at the following link: http://www.proofpoint.com/about-us/press-releases/01162014.php.