Support for Ukraine



Blog Comments


Three million malware-infected smart toothbrushes used in Swiss DDoS attacks

Full Story Blog Post Wednesday, February 7, 2024 in Security   View 1 Comment 1 Comment
Security

NAME

According to a recent report published by the Aargauer Zeitung (h/t Golem.de), around three million smart toothbrushes have been infected by hackers and enslaved into botnets. The source report says this sizable army of connected dental cleansing tools was used in a DDoS attack on a Swiss company’s website. The firm’s site collapsed under the strain of the attack, reportedly resulting in the loss of millions of Euros of business.

In this particular case, the toothbrush botnet was thought to have been vulnerable due to its Java-based OS. No particular toothbrush brand was mentioned in the source report. Normally, the toothbrushes would have used their connectivity for tracking and improving user oral hygiene habits, but after a malware infection, these toothbrushes were press-ganged into a botnet.

Stefan Züger from the Swiss branch of the global cybersecurity firm Fortinet provided the publication with a few tips on what people could do to protect their own toothbrushes – or other connected gadgetry like routers, set-top boxes, surveillance cameras, doorbells, baby monitors, washing machines, and so on.

“Every device that is connected to the Internet is a potential target – or can be misused for an attack,” Züger told the Swiss newspaper. The security expert also explained that every connected device was being continually probed for vulnerabilities by hackers, so there is a real arms race between device software/firmware makers and cyber criminals. Fortinet recently connected an ‘unprotected’ PC to the internet and found it took only 20 minutes before it became malware-ridden.

We don’t have the finer-grained details of the specific Swiss company targeted and suffered from the extremely costly DDoS attack. However, it is common for malicious actors to issue threats with monetary demands attached before weaponizing their DDoS zombie army. Perhaps the Swiss firm refused to pay up, or perhaps the malicious actors instigated this attack to show their muscle (teeth?) ahead of making any demands.

Though we don’t have the finer details of the DDoS story, it serves as yet another warning for device owners to do their best to keep their devices, firmware, and software updated; monitor their networks for suspicious activity; install and use security software; and follow network security best practices.

tomshardware.com



Baker
Saturday, February 10, 2024 at 12:15 PM Reply to this comment Flag as Inappropriate
Security firm now says toothbrush DDOS attack didn't happen, but source publication says company presented it as real

1




Name:
Characters Left   Remember me  
Remembers your name so you do not have to retype it again and stores it encrypted in a cookie file on your computer. Unselect to delete the cookie file or delete your browser cache.

Type CAPTCHA text: