This scenario is also very likely in Lithuania, so Telia advises to take care of the security of the mentioned devices in time, so that we do not become accomplices of such crimes through ignorance.
“In order to disrupt the work of institutions and create chaos in the country, it is important for hackers to have as many hijacked devices as possible connected to one network. Weaker than computers or smartphones, secure Internet of Things (IoT) devices and routers are perfect for this. And the worst thing is that there is practically no way to notice an illegal takeover of control of such a device. Therefore, it is necessary to focus all attention on prevention – installing software updates, using strong passwords and abandoning outdated routers”, says Odeta Baranauskienė, head of Telia’s security team.
Eyes turn to the East
This fall, Finland’s Nordea bank even experienced several Distributed Denial of Service (DDoS) attacks. During them, the institution’s publicly available resources were bombarded with millions of requests from many different devices. This type of attack is not new and the bank had the usual security mechanisms in place.
Unfortunately, although similar attacks are usually organized using devices hacked in different countries, DDoS protections based on blocking requests from abroad were ineffective this time. The bank’s systems have been attacked by devices located in Finland in recent weeks, making it extremely difficult to stop the attack.
“Hamtered routers, smart refrigerators, robotic pumps and other devices are connected to a single network, also known as a ‘botnet’, and can be used for many different attacks. “Criminals operating botnets can rent them to individuals or states with evil intentions, so a router that “attacked” a bank in the morning can target another country’s electricity supplier or local tax inspectorate in the evening,” says O. Baranauskienė.
However, botnets are typically made up of equipment seized from different countries, so it is unlikely that Nordea’s attack was spontaneous. In Finland alone, it takes a long time to get hold of enough devices to launch a DDoS attack, which shows that it was carefully planned and its masterminds had enormous resources. As a result, the eyes of Finnish experts turn to Russia, which is hostile and interested in destabilizing the situation in the country, although no indisputable evidence has yet been found to support this.
Smart home devices are the new weapon of hackers
According to the representative of Telia, there is more than one logical explanation why hackers use routers and other smart home devices for their dirty work. In contrast to computers or phones, these devices do not have anti-virus programs, are less frequently updated, and users themselves rarely think about their security.
“After purchasing a router, people connect it to the power grid and the Internet and start using it. Few know how to configure it correctly, update the software and change the password. As long as the device performs its function, users do not tend to worry about it. Therefore, in many households, you can find unattended and decades-old routers that are completely “holed” from the point of view of cyber security, – regrets the specialist.
The same goes for other IoT devices that are increasingly knocking into our homes. Network-connected surveillance cameras, baby monitors, wireless printers, and even robotic pumps can potentially become hacker “warriors” simply because of their poor security and lack of maintenance.
The best antidote to attacks is updates
According to O. Baranauskienė, the router is “possessed by demons”, usually a slow internet connection. This can happen for other reasons, so you should start with a simple reboot of the device. Sometimes this alone can be enough to stop participating in an attack.
On the other hand, this is only a first aid – to protect your router, it is recommended to regularly log into its management console and perform a firmware update, if available. New software fixes vulnerabilities that allow hackers to take control of devices. The aspect of updates must also be remembered when choosing products from cheap, obscure brands, whose manufacturers are reluctant to invest in cyber security and send security patches after the end of the device’s sale.
Among other tips, the expert emphasizes the need to change the factory passwords of the Wi-Fi network and router management console to more secure ones, as well as to deactivate unused ports. Another welcome move from a cybersecurity standpoint would be to create a separate isolated network in your router settings just for smart home devices, which would prevent a hijacked IoT device from later attacking a user’s computer, phone, or other device storing sensitive information.
#WiFi #Router #Breaking #Bank #Sleep #Stop #Business