Cyber attacks on IoT devices are at an all-time high. Cybersecurity researchers have detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year 2019. This figure is around nine times more than the number found in the same period last year. In 2018, only around 12 million attacks were spotted originating from 69,000 IP addresses. Hackers and bad actors are also intensifying their attempts to create and monetize IoT botnets, courtesy of weak security of IoT products, according to the Kaspersky report titled ‘IoT: a malware story.’
Despite more number of organisations and individuals opting for smart, IoT-enabled devices like routers and DVR security cameras, security researchers have pointed out the lack of intention for protection of these devices among consumers. At the same time, hackers and cybercriminals are seeing more and more financial opportunities in exploiting such gadgets, Kaspersky noted adding that hackers use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions.
Cybersecurity experts and researchers set up honeypots - decoy devices used to attract the attention of cybercriminals and analyze their activities. Below are the findings of the study.
-- Attacks on IoT devices are usually not advanced, but hidden, as users might not even notice their devices are being exploited.
-- 39% of attacks were caused by Mirai malware family, which is capable of using exploits by slipping through old, unpatched vulnerabilities to the device and control it.
-- Second most used technique (38.7% of attacks) chosen by another malware family Nyadrop was is password brute-forcing.
-- The third most common botnet threatening smart devices - Gafgyt with 2.12% - also uses brute-forcing.
-- 30% of all attacks took place in China, followed by Brazil (19% of attacks) and Egypt (12% of attacks).
“As people become more and more surrounded by smart devices, we are witnessing how IoT attacks are intensifying. Judging by the enlarged number of attacks and criminals’ persistency, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations," said Dan Demeter, a security researcher at Kaspersky Lab. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices.”