Pierluigi Paganini April 20, 2020

Cybercriminals have abused LED light control console to launch malicious attacks, Microsoft’s security experts warn.

Microsoft researchers shared details of a new incident discovered in Taiwan, where crooks abused LED light control consoles to launch malicious attacks.

Threat actors used the consoles to deliver malware and ransomware through an IoT botnet that was also used to launch distributed denial-of-service (DDoS) attacks.

Microsoft’s Digital Crimes Unit (DCU) noticed an unusual spike of botnet signals, the experts reported an increased 100 times within one month.

The DCU team experts were able to map more than 400,000 publicly available IPs and narrowed that information down to 90 suspicious IPs.

Upon refining the analysis, experts discovered that one particular IP was associated with dozens of malicious activities such as malware and ransomware distribution, phishing and DDoS attacks.

“One particular IP was associated with dozens of activities related to the distribution of malware, phishing emails, ransomware, and DDoS attacks.” reads the DCU’s report.

“To the team’s surprise, these activities correlated to as much as one terabyte (TB) of malicious content being sent out a week.”

Experts determined that the source was a LED light control console, then MJIB shut it down it.

“This case marks a milestone. That’s because we were able to take down the IoT device and secure the breach to a limited range for those compromised computers in Taiwan, which is quite different from our previous global cooperation cases,” says Director Fu-Mei Wu, who leads the MJIB’s Information and Communication Security Division.

“Cyberattacks are getting increasingly serious. Through Microsoft’s efforts to gather intelligence and process data, we can investigate the perpetrators more efficiently, and further take legal action before criminals can get very far. This is a partnership based on mutual trust, and we are thankful that Microsoft is on our side.”

Unfortunately, the number IoT botnets continues to increase, millions of vulnerable devices could be abused by threat actors to carry out malicious activities. There is the concrete risk that IoT botnets could be used to launch attacks against critical infrastructure systems worldwide.

In March of this year, Microsoft partnered with Computer Emergency Response Teams (CERTs) across 35 countries to disrupt the infamous Necurs botnet.

“The MJIB is busy with cases of computer intrusions and cyberattacks, with the trend increasing over the last two years. These hackers are targeting the government and the technology industry, trying to steal and leak confidential information and launch full information warfare campaigns,” Microsoft concludes.

“The DCU has taken down 22 botnets since 2010. They have worked with ISPs, domain registries, government CERTs and law enforcement in Taiwan, Mexico, Colombia, India, Japan, France, Spain, Poland, and Romania, among others — doubling down on a commitment for a safer internet, not only for Microsoft’s customers but for citizens of a connected planet.”

Pierluigi Paganini

(SecurityAffairs – LED light control consoles, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]