If you have never heard of a botnet, they are scary entities indeed. Imagine countless connected devices from all over the world, all joined together by malicious actors who want to use these infected devices to launch massive attacks against businesses, organizations, and governments. One such attack was launched by a Russian botnet consisting of millions of Internet of Things devices. Thanks to the efforts of the United States Department of Justice and various law enforcement agencies throughout Germany, the United Kingdom, and the Netherlands, it has been brought to a halt.
This botnet was the one responsible for hacking into countless computers and connected devices all over the world. This botnet acted as a proxy service. It was advertised as selling legitimate IP addresses through an Internet service provider, instead opting to sell the IP addresses assigned to devices that had been hacked by the botnet. In other words, hackers were using the service to conceal their true locations so that law enforcement could not act against them.
The attacks were generally carried out against authentication portals, and since they were using hacked IP addresses, pinning down the origin of these attacks was difficult. The Department of Justice reports: “It is believed that the users of this type of proxy service were conducting large-scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages.”
The FBI has seized control of the RSOCKS botnet and its website, where users could purchase IP addresses. To give you an idea of what these services were going for, the prices ranged from $30 per day for 2,000 proxies to $200 per day for 9,000 proxies. If the user committed to a purchase, they could download the list of IP addresses and ports, which they could then use to route traffic through the cracked devices, thereby concealing their identity. At first, the botnet was made up of infected IoT devices, but computers and Android devices also fell victim to it as the botnet grew larger and larger.
Considering how hackers could quite easily take advantage of this service, you should be concerned with how to protect your business from these types of threats.
Botnets are a prime example of why you should understand and be aware of the security shortcomings associated with Internet of Things devices. IoT devices are typically chosen for these types of hacks because they are often unsecured or still use their default passwords, making them easy targets for hackers to compromise. If your organization uses IoT devices in any capacity, we recommend that you set up an alternative network specifically for them. Additionally, you should implement more strict security policies for them when possible.
We know it’s not always easy to protect your business, but it doesn’t take a genius to rely on experts for all of your security needs, either. You can focus on running your business while OnSite I.T. handles the heavy lifting. To learn more, reach out to us at (403) 210-2927.
Comments