Smart appliances, including smart fridges have been turned into a botnet spewing malicious emails
Smart appliances, including smart fridges have been turned into a botnet spewing malicious emailsReuters

It's the attack of the gadgets – a cloud security provider has discovered what could be the first cyber-attack launched using connected smart devices such as routers, smart televisions and even a smart fridge.

Proofpoint has uncovered a global attack campaign where 750,000 malicious emails have been sent by a network of 100,000 everyday consumer gadgets such as routers, smart TVs and at least one connected fridge.

Hackers have infected these devices - known generally as the Internet of Things - to create a network of zombie computers known as a botnet.

The Internet of Things refers to the proliferation of everyday products that have been made 'smart' and can wirelessly connect to your PC or the internet to help to improve your life.

Thingbots

The cyber-attacks occurred between 23 December and 6 January this year, featuring three waves each day of 100,000 malicious emails. Over 25% of the emails were sent out by objects that are not conventional laptops, desktop PCs or mobile devices, but rather by what Proofpoint calls "thingbots", ie smart appliances.

No more than 10 emails were sent out from any single IP address, making it very difficult for the cyber-attack to be blocked based on location, and in many cases, the smart devices were all either misconfigured or using default passwords that made them visible and exposed on public Wi-Fi networks, just waiting for someone to take them over.

"Botnets are already a major security concern and the emergence of thingbots may make the situation much worse," said David Knight of Proofpoint.

Infections

"Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them."

IDC predicts that over 200 billion devices will be connected to the internet by 2020. However, the danger is that these "thingbots" are rarely secured using anti-virus and anti-spam software programs the way personal computers are, which is a serious security risk that IT experts have been warning about for the last two years.

Osterman Research's principal analyst Michael Osterman says:

"Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won't work to solve the problem."

The Foundation for Information Policy Research warned back in 2012 that smart meters monitoring gas and electricity are an easy target for foreign terrorists.

The UK government wants smart energy meters to be installed in every household in Britain by 2020. The programme will cost £12 billion for 30 million meters to be installed in homes and businesses.