Defending Our Digital Home: Is your home Internet connection under attack?

In our interconnected world of fibre broadband, mobile phones, and homes full of ‘Internet of Things’ devices, where digital highways cross continents, our internet connections are often the lifeblood of communication, work, and entertainment (at least our teenagers think so).

But lurking in the shadows are cyber adversaries, constantly probing and attacking these vital pathways.

I wanted to understand the attacks a typical home internet connection may experience and, more importantly, what we must act on to protect our homes and families.

Why would your home internet connection be under attack?

In the vast digital expanse, where data flows ceaselessly, cyber adversaries prowl with intent, or at least that’s what an old, cynical cybersecurity professional like me thinks.…. But am I right, and if so, what motivates these people?

From my professional experience, their motivations are diverse, their methods cunning, and their impact often far-reaching. They may not necessarily be trying to target your home internet connection and home network. You’re just an IP address they throw their tools at to see what sticks.

Let’s examine some common motivations for cyber-attacks:

1. Financial Gain

• Ransomware: The modern-day highway robbery. Attackers encrypt your files and demand a hefty ransom for the decryption key. Pay up or possibly lose your data forever. After all, your reputation, especially if you’re a company, is at risk, not just your data.

• Financial Fraud: Stolen credit card details, bank credentials, and cryptocurrency wallets fuel a thriving underground economy.

2. Espionage and Nation-State Agendas

• State-Sponsored Attacks: Governments use cyber warfare to steal secrets, disrupt infrastructure, or gain geopolitical advantage. Again, they may not target you specifically, but your home network may be an excellent place to target someone else.

• Corporate Espionage: Competitors infiltrate rival companies to steal intellectual property, trade secrets, and strategic plans. For people who work remotely, it’s often easier to target your home network as a jump-off point rather than trying to tackle the security of the organisation you work for directly.

3. Ideology and Activism

• Hacktivism: Digital Robin Hoods fighting for a cause. They deface websites, leak sensitive data, and disrupt services to make a statement. You may support a specific cause, and someone has taken Umbridge to that.

• Political Agendas: Cyberattacks during elections or protests aim to sway public opinion or destabilise governments. We’ve seen many stories about digital influence using social media such as Facebook and TikTok. Attackers don’t always have to come after you directly, remember.

How could my home internet connection/home network be attacked?

Cyber attackers have a wide range of tools and techniques they can use.

Methods include automated scanning for open ports or vulnerabilities, password guessing of network devices, and exploiting known firmware or software vulnerabilities. For example, routers run on firmware, which rarely gets updated. Attackers can exploit these unpatched security flaws. Also, most routers often come with pre-set default passwords, which most of us don’t change, making them susceptible to attack. Unfortunately, attackers can easily guess or find these default passwords, gaining unauthorised access to countless devices connected to your network. We must change the default passwords for our Wi-Fi and the administrative login to the routers.

How can I understand what attacks are occurring on my home internet connection?

Well, I’m a bit of a geek. 27 years in cybersecurity and networking does that to a person, so I found a way. You see, your home network is like a fortress with multiple gates. The gateway to this fortress is your service provider router. As mentioned, there are ways to compromise these gateways, so we need some guards on the gate to monitor things. I mainly want my guards to be effective in protecting my gate.

In this case, however, I want to build a fake gate which is open and has a guard asleep so I can understand what attacks are coming my way and, through analysis, understand what measures I need to put in place to provide suitable protection.

I found this in a powerful tool called T-Pot, an all-in-one multi-honeypot platform.

What Is a Honeypot?

Before diving into T-Pot, let’s briefly explore honeypots. These intriguing cybersecurity decoys are designed to attract malicious actors. They mimic vulnerable systems, enticing attackers to interact with them. By analysing behaviour, we gain valuable insights into attack techniques, patterns, and vulnerabilities.

Introducing T-Pot

T-Pot takes honeypots to the next level by supporting 20+ honeypots and covering a wide range of services and protocols. Whether SSH, HTTP or even VoIP, T-Pot has you covered.

It comes with Elastic Stack Integration, allowing you to visualise and analyse honeypot data quickly. You can deep dive into Kibana dashboards, explore animated live attack maps, and gain actionable insights. T-Pot allows you to understand attacker behaviour and improve defences.

For more information on T-Pot, head to the project GitHub page at https://github.com/telekom-security/tpotce.

So, what did I find?

Well, I’ve had T-Pot up and running for a few weeks now, and the data is interesting.