Microsoft security researchers have warned users that even seemingly small Internet of Things (IoT) devices like LED light control consoles can be used to exploit our security systems by launching malware.
Taiwan IoT Device Attack
The evidence for this threat comes from an incident that happened in Taiwan. An IoT device was used to spew malware as a part of the function. This function helped the IoT product to distribute malware and Ransome among other products, send phishing attacks and emails about Distributed Denial-of-Service (DDoS) attacks.
An investigation of suspicious activities showed that there is a 100x increase in botnet signals within a month. The Microsoft security researchers find out that several activities were going on that led to the sending of over one terabyte of data within a week.
Suspected IP Addresses
The malicious activities were mapped over 400000 publicly available IP addresses. The researchers were able to cut down the IP addresses to 90 IP addresses, which could be the source of this attack. However, they later found that only one of those IP addresses was the source of this vast malicious activity.
Microsoft exclaimed that only one IP address was the culprit behind dozens of abusive attacks related to the distribution of malware, phishing emails, ransomware, and DDoS attacks.
Microsoft’s Efforts
Microsoft alerted Taiwan’s Ministry of Justice Investigation Bureau (MJIB). The information helped the ministry to identify illegal VPN IP as well as the hidden accounts which were assisting the VPN in sending the malware from the office building to rural northern Taiwan.
The source of the attack was an LED which was shut down to prevent the spread of malware.
IoT users are at risk
Unfortunately, the large numbers of mobiles and IoT devices connected to the internet have exposed users to new types of cybercrimes.
Hackers use vulnerable IoT devices to steal the user’s sensitive data and financial information to perform cyber crimes. Through DDoS attacks, they can make servers go offline, disrupt critical infrastructure systems, or encrypt victims’ data and hold it for ransom.
What can you do?
Always perform thorough checks of any malicious activities which may be linked to your IoT devices. Use updated anti-malware software to eliminate the risks of cyberattacks.