Printers, routers and other internet-connected devices are being hijacked by hackers to use in cyber-attacks.
Web security company Prolexic has released a white paper which details a rise in the number of Distributed Reflection and Amplification Denial of Service (DrDoS) attacks using aging networking protocols to transform these internet-connected devices into malicious bots whose combined computing power can be used to carry out large-scale attacks.
The firm says that while DrDoS attack tactics have been used successfully for more than a decade, their popularity and effectiveness have increased during the past year as hackers target IP-based devices like printers, cameras, routers, hubs, sensors and other network devices.
In January, research by security software maker Rapid7 reported a similar problem, which allowed hackers to exploit bugs in “plug and play” networking technology to compromise internet-connected devices.
“Unfortunately, the protocols were written with functionality, not security, in mind. The internet used to be a safer place than it is now,” says Stuart Scholly, Prolexic president.
DrDoS attacks using these protocols can be difficult to trace back to the malicious actor because they often involve spoofing, or faking, the origin of the attack.
In the white paper, the Prolexic Security Engineering and Response Team (PLXsert) explains how malicious actors leverage three common network protocols inherent in network servers and devices.
The vulnerable protocols are Simple Network Management Protocol (SNMP), used to communicate with IP-based devices, such as routers; Network Time Protocol (NTP), used to synchronize time and date information across the network; and Character Generation Protocol (CHARGEN), used to test and debug network connections.
“Protocol reflection attacks are a serious problem, but system administrators can help protect their organization and the internet community by taking steps to avoid participating in these types of DrDoS attacks,” says Scholly.
The white paper, available for free here, explains the protocol vulnerabilities and how they are used in DDoS attacks and also identifies actions system administrators can take to reduce, or mitigate, the vulnerability of their network devices and servers.
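For administrators who want to check whether their own devices are answering as reflectors for the three protocols named above, the following Python example is an addition to this article (it is not from the Prolexic white paper). It assumes a flow-record layout of (source IP, source port, destination IP, destination port, bytes), an internal range of 192.0.2.0/24, a response-to-request byte ratio threshold of 5, and hypothetical names such as `find_reflectors`; the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Well-known UDP ports of the three protocols named in the article.
REFLECTOR_PORTS = {19: "CHARGEN", 123: "NTP", 161: "SNMP"}
INTERNAL = ip_network("192.0.2.0/24")  # assumed local range (documentation prefix)

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    ("203.0.113.9", 40000, "192.0.2.10", 161, 80),    # small SNMP query to a printer
    ("192.0.2.10", 161, "203.0.113.9", 40000, 4200),  # much larger reply
    ("203.0.113.9", 40001, "192.0.2.20", 19, 60),     # CHARGEN probe
    ("192.0.2.20", 19, "203.0.113.9", 40001, 3000),
    ("192.0.2.30", 123, "198.51.100.5", 123, 76),     # ordinary NTP sync, symmetric
    ("198.51.100.5", 123, "192.0.2.30", 123, 76),
]

def find_reflectors(flows, internal=INTERNAL, min_ratio=5.0):
    """Return internal hosts whose replies on a reflector port dwarf the
    requests they received from the same external peer."""
    stats = defaultdict(lambda: [0, 0])  # (host, port, peer) -> [bytes_in, bytes_out]
    for src, sport, dst, dport, nbytes in flows:
        src_in = ip_address(src) in internal
        dst_in = ip_address(dst) in internal
        if dst_in and not src_in and dport in REFLECTOR_PORTS:
            stats[(dst, dport, src)][0] += nbytes   # request arriving at our device
        elif src_in and not dst_in and sport in REFLECTOR_PORTS:
            stats[(src, sport, dst)][1] += nbytes   # reply leaving our device
    findings = []
    for (host, port, peer), (b_in, b_out) in sorted(stats.items()):
        # No inbound bytes seen (asymmetric capture) counts as unbounded ratio.
        ratio = b_out / b_in if b_in else float("inf")
        if b_out and ratio >= min_ratio:
            # 'peer' is where the replies go; with spoofed requests that is
            # the victim's address, not the sender of the requests.
            findings.append((host, REFLECTOR_PORTS[port], peer, round(ratio, 1)))
    return findings

if __name__ == "__main__":
    for host, proto, peer, ratio in find_reflectors(SAMPLE_FLOWS):
        print(f"{host} answers {proto} to {peer} at {ratio}x amplification")
```

Hosts reported here are candidates for disabling the service or restricting it to management networks; the symmetric NTP exchange in the sample is deliberately not flagged.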