Mass Hacking of Devices
This chapter is dedicated to the threat of mass hacking of devices. You may be aware that every day your computers, Wi-Fi routers, mobile devices, and smart appliances are scanned by hackers from around the world in search of vulnerabilities or weak protections.
If a poorly secured or vulnerable device is discovered, they hack it and use it to send spam or mine cryptocurrency. In the worst case, they may encrypt your data and demand money or use the hacked device for illegal activities, resulting in law enforcement showing up at your door with a search warrant.
This chapter will focus on mass hacking of devices – a threat that is relevant to each of us. I propose to divide it into several parts: what is hacked, why it is hacked, how it is hacked, and how to protect against it.
What is Hacked
In fact, everything that can be hacked is hacked, including smart homes. The only requirement is that the device must have internet access. Hackers are particularly interested in computers, servers, mobile devices, and routers, as they are easier to monetize, in other words, to make money from.
First and foremost, the attacker is interested in automatically monetizing hacked devices; for example, they can hack and encrypt your computer. There is a high probability that you will have information on your computer for which you would be willing to pay for decryption. All actions from scanning the network to encryption occur automatically; the attacker only needs to maintain the system's functionality and withdraw the funds obtained from the victims.
Hacking your smart washing machine is not so easy to monetize. On the other hand, we know of botnets consisting of smart devices: washing machines, refrigerators, televisions, kettles, coffee machines, and other household appliances, even smart toys and cameras. Such botnets can send spam, conduct DDoS attacks (by the way, of impressive power), and mine bitcoins, although they significantly lag behind hacked personal computers.
The most famous such botnet is Mirai. This botnet participated in a massive attack on security expert Brian Krebs, resulting in his website being taken down. A prime example demonstrating the power of the Mirai botnet is the well-known attack on the largest DNS provider in the USA on October 21, 2016, when some services like Twitter and Amazon became unavailable, and the network across the eastern coast of the United States operated with serious limitations. Yes, indeed, it has come to the point where kettles and coffee machines can attack an entire country, albeit only online.