You can be at risk, even right within your own home.
Recent reports showed that the rising number of cyberthreat incidents has spared no one and no place, with malicious software infections seen penetrating the computer systems of government institutions, businesses, and even the homes of private individuals.
These incidents cannot be taken lightly as they can potentially result in huge financial losses for companies, government institutions, and even individuals.
Just last week, several reports surfaced about epic cyberattacks crippling a major Internet firm, repeatedly disrupting the availability of popular websites across the United States.
The hacker group claiming responsibility was said to have a “secret weapon in the increasing array of Internet-enabled household devices they can subvert and use to wreak havoc.”
“On Friday 21 October, it was widely reported by a number of outlets that cybercriminals used Internet-connected home devices, such as CCTV cameras and printers, to attack a provider of DNS services and, indirectly, affect access to popular websites such as Twitter, Spotify, AirBnB and Reddit. It has been suggested that the attack was carried out, at least in part, using a botnet of Internet of Things (IoT) devices,” said David Emm, principal security researcher at Kaspersky Lab.
“The method of infection appears to have been very simple and relies on human complacency—manufacturers shipping devices with default configurations, and those using the devices without altering that default configuration. The attackers use default credentials to gain access to online devices—including routers, IP cameras, DVRs and more. Once the malicious code has been written to the device, it then becomes part of their botnet,” Emm added.
Emm noted that this wasn’t the first time that connected devices were used as a vehicle for attack.
“In recent years, baby monitors and webcams have hit the news on account of vulnerabilities which allow criminals to access the devices and redirect them for malicious purposes. IoT devices are an attractive target because many use default credentials that attackers can exploit, there are no firmware updates for many devices and they often have 24/7 connectivity,” Emm explained.
Local threats
Such incidents are currently happening in the Philippines as well. The country, in fact, was one of the top three countries in the Asia Pacific region identified to have the highest number of local cyberthreat incidents, according to global cybersecurity firm Kaspersky Lab.
Latest statistics showed that for the third quarter this year, 58 percent of users in the Philippines had experienced local threats, which referred to malicious software infections that penetrate computer systems using means other than the Internet, e-mail, or network ports.
Kaspersky also identified the Philippines as a prime target for both Internet-based computer and mobile malicious software threats, placing the country well within the “high risk group” in terms of the number of users attacked during the second quarter this year.
Further, nearly half of Filipino Internet users were found by Kaspersky to be at risk of falling prey to cybercriminals due to lapses and other harmful online habits that could make them highly vulnerable to attacks.
This was based on the results of a survey conducted earlier by Kaspersky Lab, which polled some 18,000 Internet users from 16 countries, including 1,394 from the Philippines.
Practical tips
There are ways, of course, to help counter such cyberattacks. Emm explained that the best advice for anyone using connected or so-called IoT devices at home is to ensure that the default passwords on all devices are changed—using more unique and complex passwords—to prevent them from being remotely accessed.
This should include home routers, which are the gateway to your home network.
“The temptation may be for people to want to disconnect all devices in light of such news, but in today’s increasingly connected world, that’s not realistic. Although, it’s always good to review the functionality of a smart device and disable any functions that you don’t actually need. However, good password ‘housekeeping’ goes a long way to keeping cybercriminals away from your devices. This kind of large scale attack also highlights the need for manufacturers to consider security by design for such devices, rather than as an afterthought,” Emm said.
Here are some other old, easy and practical tips offered by Kaspersky to help you cyberproof your homes:
- Install a reliable Internet security solution and follow its recommendations.
- Update the firmware to the latest version.
- If you do not use the network connectivity on the device, turn it off. If you use it, or if it’s necessary for the device to work, make sure that there is no remote access to the management interface of the device from the outside world.
- Switch off unnecessary features. Contemporary IoT devices usually implement a variety of different functionalities, some of which you might not even be aware of. It’s a good practice, after buying each new device, to learn about all its features and disable the ones that you are not going to use. Having all the features enabled increases the potential attack surface.
- Read the manual. Every device is shipped with a manual, which documents its features and configuration settings. Also, there is usually a lot of additional documentation available online. To keep your home secure, you should always familiarize yourself with any new device that you are going to incorporate into your network and take all the recommended steps to make the device as secure as possible.
- Always check any link you are about to open. If it has spelling issues, do a double take to be sure: fraudsters may be trying to push a fake page on you.
- Even if you’ve received a message or a letter from one of your best friends, remember: they could also have been fooled or hacked. That’s why you should remain cautious in any situation.
- Sometimes e-mails and websites look just the same as the real ones. It depends on how well the fraudsters did their “homework.” But the hyperlinks will most likely be incorrect: they may contain spelling mistakes, or they may send you to a different place. You can look for these signs to tell a reliable site from a fraudulent one.