Smart fridge found to be involved in 'internet of things' cyber attack
A fridge has been discovered to be one of 100,000 everyday gadgets used in a spam campaign, according to security firm Proofpoint.
The firm has claimed in a blog that smart gadgets such as televisions, computer and home routers were also used in the attack, said to have taken place just before Christmas, and saw more than 750,000 phishing and spam emails launched from ‘Thingbots’.
As no more than 10 emails were sent by each device, it became all the more difficult to block the attack, explained the blog.
It added that this could be the first ‘Internet of Things’ attack which will continue as the number of connected devices quadruples in the coming years.
“Just as personal computers can be unknowingly compromised to form robot-like "botnets" that can be used to launch large-scale cyberattacks, Proofpoint's findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into "thingbots" to carry out the same type of malicious activity,” warned the company.
"Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse" said David Knight, general manager of Proofpoint's Information Security division. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them."
Michael Osterman, principal analyst at Osterman Research, commented: “The 'Internet of Things' holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cybercriminals who can use our homes' routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks."
He continued: "Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won't work to solve the problem.”
Proofpoint revealed that of the 100,000 devices involved in the attack, over a quarter of those were non-conventional laptops and computers.