Another day, another hack.
Over last weekend San Francisco’s Municipal Railway suffered a ransomware attack, while the European Commission’s internet was brought down for several hours following a distributed denial of service (DDoS) attack.
Yesterday, Deutsche Telekom confirmed hundreds of thousands of its customers in Germany were disrupted by an attempted failed hack, according to a company executive.
Deutsche Telekom’s head of IT Security Thomas Thchersich told the newspaper Der Tagesspiegel said that the hackers were trying to hijack consumer router devices to implement a wider internet attack by integrating the devices into the Mirai botnet, but failed.
“In the framework of the attack, it was attempted to turn the routers into a part of a botnet,” Tschersich told the Berlin newspaper.
The malicious Mirai code was released on the internet last month and has been responsible for large scale attacks on some of world’s most popular websites, including Twitter and Spotify, and it was also responsible for bringing down Liberia’s internet infrastructure.
Those hackers that use the code – or software – target vulnerable connected devices, which in turn become bots that can be used to mount huge network attacks.
The 900,000 customers affected represents 4.5% of the telecom giant’s 20 million fixed line customers.
This unlucky percentile suffered prolonged internet outages as a result of the attempted hack, which continued until Monday.
“This hack only further emphasises the weaknesses that exist in our increasingly connected world,” said Jerry Goodman, vice president, government systems division at ViaSat.
“In this case, consumers have been cut off from their internet, phone and TV, but it could’ve been worse. With more and more critical infrastructure connected to the internet, rather than the more traditional dedicated lines, attackers have more opportunities where they can inflict damage. For instance, dedicated attackers could cut off not only residential internet, but traffic and train signals, or water and energy supplies. A sobering thought.”
Indeed, as critical infrastructure and homes become increasingly connected the the threat from hackers drastically increases.
Currently there is little an organisation – either public or private – can do to prevent a cyber attack. One will get through, so investment must be made in incident response as well as detection and prevention in the cyber security industry.