
Secplicity - Security Simplified

Powered by WatchGuard Technologies

University Hijacked by Vending Machines

February 13, 2017 By The Editor

According to Network World, an unnamed university’s vending machines, smart light bulbs and 5,000 other IoT devices were recently hijacked. Sounds fishy, huh? As it turned out, the attack on the school’s internal network was actually caused by a series of seafood-related DNS requests that appeared every fifteen minutes.

This story comes from a preview of Verizon’s 2017 Data Breach Digest Scenario. It outlines how the university noticed a burst of interest in seafood-related domains on its network, as well as an abnormal number of seafood-related sub-domains. The name servers responsible for Domain Name Service (DNS) lookups were struggling to keep up with the increased traffic, causing legitimate lookups to be dropped and preventing access to a majority of the internet.

The Verizon RISK (Research, Investigations, Solutions and Knowledge) Team investigated the issue (presumably the university was a Verizon customer) and discovered that the university’s vending machines, light bulbs and thousands of other IoT devices were making seafood-related DNS requests every 15 minutes. Four of the returned IP addresses and about 100 of the requested domains showed up in an indicator list for an evolving IoT botnet. The botnet spread from one device to another by brute forcing weak and default passwords. After gaining control of a device, the malware would change the device’s password and lock out the university.
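The fixed 15-minute DNS pattern described above is something a resolver-log check can surface. The following is an added example, not code from the Verizon report or Network World: the log format, IP addresses and domain names are constructed, and the parent-domain split is a naive two-label guess rather than a public-suffix lookup.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>".
# Addresses and domain names are made up for illustration.
SAMPLE_LOG = """\
2017-02-01T10:00:02 10.20.0.15 a1.seafood-example.test
2017-02-01T10:03:40 10.10.0.7 www.university-example.test
2017-02-01T10:15:01 10.20.0.15 b7.seafood-example.test
2017-02-01T10:16:12 10.10.0.7 mail.university-example.test
2017-02-01T10:30:03 10.20.0.15 c3.seafood-example.test
2017-02-01T10:45:02 10.20.0.15 d9.seafood-example.test
2017-02-01T10:58:30 10.10.0.7 www.university-example.test
2017-02-01T11:00:01 10.20.0.15 e4.seafood-example.test
"""

def parent_domain(qname):
    """Naive registered-domain guess: last two labels (no public-suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_periodic_clients(log_text, period=900, tolerance=60, min_queries=4):
    """Return {(client, parent): distinct_name_count} for clients whose
    queries to one parent domain recur about every `period` seconds."""
    seen = defaultdict(list)  # (client, parent) -> [(timestamp, qname), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, qname = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        seen[(client, parent_domain(qname))].append((when, qname.lower()))

    flagged = {}
    for key, events in seen.items():
        if len(events) < min_queries:
            continue  # too few queries to judge periodicity
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if abs(median(gaps) - period) <= tolerance:
            flagged[key] = len({name for _, name in events})
    return flagged

if __name__ == "__main__":
    for (client, parent), names in find_periodic_clients(SAMPLE_LOG).items():
        print(f"{client} queries {parent} every ~15 min: {names} distinct names")
```

A high distinct-name count under one parent domain, combined with a steady interval from a device that has no reason to browse, is the signal worth triaging.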

The university was able to recover their devices by using a packet sniffer to intercept the new, clear-text passwords for compromised IoT devices and reset them. The report advises other organizations to “create separate network zones for IoT systems and air-gap them from other critical networks where possible,” and limit the amount of information stored in one place.

Read the full article at Network World here. Learn more about Verizon’s sneak peek report that includes mitigation and response tips here. Also, read more about the security risks present in IoT devices from WatchGuard CTO Corey Nachreiner and more about past botnets here on Secplicity.

 


Filed Under: Editorial Articles, Featured Tagged With: Botnets, DNS Hijack, Hacking, passwords, Security breach, university
