A single denial-of-service attack (DDoS) can make medium and large companies loose tens or hundreds of thousands of euros, according to most studies published in recent months.
As we have mentioned before, this kind of attacks consist on saturating the servers that store the files of a platform or web service. As a result, the access to the servers is suspended with the resulting interruption in the exchange of information.
Cybercriminals used tools or malware installed in one or several computers to perpetrate their crimes so far, but now they have expanded their horizons. Recently, Chinese researchers have found that criminals can launch DDoS through printers, webcams or even routers.
Asian experts have analyzed one of the greatest denial-of-service attacks that has ever happened. It took place in December 2014 and paralyzed the online gaming services of Sony and Microsoft for several days.
According to this investigation, the 30% of the devices accessing the servers until they were blocked were connected to the network. Cybercriminals had taken over the routers using a malware that attacked devices with weak passwords or security holes.
However, now is not even necessary to install any malware. Experts have identified an increasing technique that controls these devices based on the SSDP communication protocol, a channel mainly used by these peripherals to communicate with computers.
The SSDP is designed to send information, feature that the attackers use as leverage. If many printers send information repeatedly to the server where the web page is hosted, the outcome is likely to be a DDoS which will make the site crash.
Since this technique is so simple, it has a huge potential to be spread. It is easier to control these devices than a computer, and the amount of routers, printers and other office devices an attacker might use increases the efficiency of the attack.
Furthermore, the possibilities grow with the arrival of the Internet of Things in companies and homes. Smart TVs, thermostats and even cars are open doors for cybercriminals.
Although is difficult to avoid DDoS, it is possible (and we advise you should) to monitor the passwords to connect any device to the network. At least, we will be able to discourage cybercriminals from attacking.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
