• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 15th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Hacking News » Someone DDoSed A University Server By Hacking Its Vending Machines

Someone DDoSed A University Server By Hacking Its Vending Machines

February 14th, 2017 Waqas Cyber Attacks, Hacking News, Malware, Security 0 comments
Someone DDoSed A University Server By Hacking Its Vending Machines
Share on FacebookShare on Twitter

It is a fact that Internet of Things (IoT) devices are extremely vulnerable to exploitation from malicious threat actors, thanks to the phenomena of default login credentials and widespread availability that makes them easy targets. We have also come to know about the capabilities of even a smaller number of infected IoT devices as they turn into an army of botnets and create havoc at any targeted organization’s internet network. The recent incident yet again proves how critical IoT devices could be if their security isn’t improved.

Verizon Enterprise’s RISK (Research, Investigations, Solutions and Knowledge) department researchers were tasked with the investigation of internet blockage at an unidentified US university and they discovered that [PDF] a few thousand infected IoT devices are responsible for cutting off the internet. The attackers reprogrammed the devices in such a way that they started attempting to connect with seafood-oriented websites sporadically.

Read More: Hacker takes over thousands of Printers; sends alerts to users

The attackers hacked 5,000 devices so that these send out DNS queries continuously (DDoS attack) and to fulfill their malicious objectives they used a variety of devices from vending machines to street lamps. The university’s network, resultantly, started to slow down as the malware in the IoT devices started attacking its drink vending machines. When one device was infected, the malware started searching for more vulnerable devices and the chain reaction followed suite. When a single device was infected, the malware modified its admin password making it difficult to remove the infection.

The report explained that “The botnet spread from device to device by brute forcing default and weak passwords – The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes.”

When the IT staff of the university got a hint of the malware attack, they quickly responded by tracking down the new passwords and since these were transmitted in clear text format instead of being encrypted, their job became easier as they were able to intercept them using a packet-sniffing app. After receiving the list of new passwords, they launched a fix, which was an automated antidote that reset all the passwords and broke the chain of the botnets by freeing the devices.

“Short of replacing every soda machine and lamp post, I was at a loss for how to remediate the situation. We had known repeatable processes and procedures for replacing infrastructure and application servers, but nothing for an IoT outbreak,” stated the IT admin.

Hacking vending machines is not something new, in fact, there are several videos on YouTube showing how people are hacking these machines for free coffee and snakes but this incident proves that even a handful of infected IoT devices can do a lot of harm. This is why the IT department of the university has urged that companies regularly inspect the network settings for their manufactured IoT devices and keep them separate from Internet access as well as from other devices.

[fullsquaread][/fullsquaread]

Also Read: Hackers Infect Hotel Door Lock System with Ransomware

Also, organizations need to use standard IT assets along with IoT devices and employ regular security protections like changing default username and passwords for the devices and keeping strong Wi-Fi network passwords.

Source: Verizon Enterprise | Image Source: Flickr/Patrick


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Cyber Attack
  • Cyber Crime
  • DDOS
  • hacking
  • internet
  • IoT
  • Malware
  • security
  • Verizon
Facebook Twitter Google+ LinkedIn Pinterest
Previous article The Rise of Fileless Malware: Over 100 Telecoms, Banks, Gov't Orgs Under Attack
Next article PayPal users hit with "Payment Successfully Made Via Ali Express" Phishing Scam
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
How to identify malware on your phone with these 7 signs

How to identify malware on your phone with these 7 signs

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

Plundervolt: A new attack on Intel processors threatening SGX data

Plundervolt: A new attack on Intel processors threatening SGX data

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Popular forms of cybercrime you should be aware of
Cyber Crime

Popular forms of cybercrime you should be aware of

210
70% of the entire US population is now on Facebook
Technology News

70% of the entire US population is now on Facebook

272
Hundreds of counterfeit branded shoe stores hacked with web skimmer
Cyber Crime

Hundreds of counterfeit branded shoe stores hacked with web skimmer

285
NGINX office in Moscow raided by police
Cyber Events

NGINX office in Moscow raided by police

1307

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us