You’ve probably heared about the massive cyberattack on 21th of October 2016. This was the probably biggest cyberattack to date. But what is lesser known, is that there probably was a ‘general rehearsel’ earlier that month. And that it also involved printers…
Early October 2016 I read an article on photography website PetaPixel: ‘How Cameras Helped Launch One of the Largest Cyber Attacks in History’. The article described how hackers targeted the blog of a cyber security expert (KrebsonSecurity), using internet connected devices (aka ‘IoT’ devices, IoT: Internet of Things). It is very common that the security of those devices is very weak, default usernames and passwords are very often not changed, making them very vulnerable for malicious people.
In the PetaPixel article, there is a list of ‘camera manufacturers’ that have been used in that DDoS attack (distributed denial-of-service: webservers are bombarded with a huge amount of requests for information, coming from a large amount of hacked devices, making them unavailable for ‘regular’ users). If you look at the list, you will also see a manufacturer of printers and digital presses…
The cyberattack of 21/10/2016 already has a dedicated Wikipedia-page. And that page lists the kind of devices that were used in the DDoS-attack: cameras, home routers, baby monitors, and printers…
Why is this important?
Securing the Internet is a collective endeavor. Everybody should cooperate, otherwise cyberattacks will become a frequent event. The IoT (Internet of Things) is the biggest threat ever to the Internet as a whole. Unless IoT becomes secure. Try to imagine what would happen to your company if hackers attack Box.com, DropBox, OneDrive, Google Drive and make them unavailable for some time, you’re company might be in troubles… That’s why you must not only think about security, but also about a plan B.
UPDATE 29/10/2016: this article gives a very good insight in the attack: https://www.engadget.com/2016/10/28/that-time-your-smart-toaster-broke-the-internet/
UPDATE 29/10/2016: researchers at Columbia University have proven the vulnerability of printers for hacks: http://www.nbcnews.com/business/consumer/exclusive-millions-printers-open-devastating-hack-attack-researchers-say-f118851
UPDATE 21/11/2016: it took only 98 seconds (!) after plugging it in before an IoT security camera was infected: https://techcrunch.com/2016/11/18/this-security-camera-was-infected-by-malware-in-98-seconds-after-it-was-plugged-in/
UPDATE 30/11/2016: earlier this week nearly 1 million (!) routers from Deutsche Telekom had issues connecting to the internet, probably due to a cyber attack, by the same botnet (Mirai) that caused the cyberattack of 21/10/2016… Read more!
PS: more information on security on IoT-devices can be found in this article: https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/
Image by DownDetector – DownDetector Level 3 Outage Map, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=52420446