A recent spate of attacks involving attackers using IoT devices to remotely generate attack traffic by using a 12-year old vulnerability in OpenSSH have been discovered by researchers at Akamai Technologies.
Akamai notes that the research and subsequent advisory do not introduce a new type of vulnerability or attack technique, but rather a continued weakness in many default configurations of Internet-connected devices. These devices are now actively being exploited in mass-scale attack campaigns against Akamai customers.
The Threat Research Team said it has observed incidents of what it has called SSHowDowN Proxy attacks originating from the following types of devices:
- CCTV, NVR, DVR devices (video surveillance)
- Satellite antenna equipment
- Networking devices (e.g. Routers, Hotspots, WiMax, Cable and ADSL modems, etc.)
- Internet connected NAS devices (Network Attached Storage)
Compromized devices are being used for mounting attacks against a multitude of internet targets and internet-facing services, such as HTTP, SMTP and Network Scanning. It is also being used to launch attacks against internal networks that host these connected devices.
Once malicious users access the web administration console, they have been able to compromise the device’s data and, in some cases, fully take over the machine.
“We’re entering a very interesting time when it comes to DDoS and other web attacks; ‘The Internet of Unpatchable Things’ so to speak,” explained Ory Segal, senior director for threat research at Akamai.
“New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We’ve been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality.”