3 Million smart toothbrushes used to launch a DDoS attack on a Swiss firm

It’s common knowledge that ALMOST anything that is connected to the Internet, such as a smart TV, a speaker and even a web camera, can used for spying on people and launching a cyber-attack when needed. But now, cyber criminals have started deploying seemingly innocuous devices — smart toothbrushes — to target companies with DDoS (Distributed Denial of Service) attacks.

In a recent incident, a Swiss company suffered a major cyberattack that involved millions of smart toothbrushes being hacked and used to overload its website with traffic. The incident exposed the security flaws of internet-connected devices.

While the details about this incident are scarce at the moment, a report by ZDNET says that the website of a Swiss company was offline for several hours due to a distributed denial-of-service (DDoS) attack. This type of attack aims to disrupt a service by overwhelming it with requests from multiple sources. In this case, the sources were smart toothbrushes that had been infected with malware and controlled by the attackers.

The attack was revealed by Fortinet, a cybersecurity firm that has been warning about the dangers of IoT devices. Stefan Züger and his team, from Fortinet conducted an experiment in which they left an unprotected computer online and saw it hacked in just 20 minutes.

How to protect yourself from cyberattacks?

Experts advise users to keep their networked devices updated with the latest security patches and to use antivirus software to prevent malware infections. They also suggest monitoring the energy and data consumption of the devices, as unusual spikes could indicate a compromise. In addition to this, IoT devices should be isolated from other networks and devices that contain sensitive information.

Mother of all Breaches

Meanwhile, Cybersecurity researchers at Cybernews have reported a massive online leak of over 26 billion data records from popular apps such as LinkedIn, X (previously known as Twitter), Weibo, Snapchat, Tencent, and others. This enormous data leak, referred to as the ‘Mother of All Breaches’ (MOAB), is one of the largest ever discovered, with the data reportedly amounting to a staggering 12 terabytes.

The researchers indicate that while a significant portion of the stolen dataset originates from data breaches, it’s likely to contain new, previously unpublished material as well, raising serious concerns. The leaked data extends beyond mere login credentials, encompassing sensitive and valuable information that could be exploited by malicious actors, according to the report. The ‘Mother of All Breaches’ comprises 3,800 folders, each containing different information, and collectively holding 26 billion records.

“The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts,” the researchers said.