Smart devices suffer 100 million attacks in H1 2019
In the first half of the year (H1), over 100 million attacks were launched against smart devices by cybercriminals.
A smart device is an electronic device, generally connected to other devices or networks via different wireless protocols such as Bluetooth, Zigbee, NFC, Wi-Fi, LiFi, 3G, and a host of others that can operate to some extent interactively and autonomously.
The attacks, according to Kaspersky Lab, rose nine times more than the number found in H1 2018, when only about 12 million attacks were spotted originating from 69,000 Internet Protocol (IP) addresses.
Specifically, Kaspersky said networks of virtual copies of various Internet-connected devices and applications detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year.
The firm stressed that capitalising on weak security of IoT products, cybercriminals are intensifying their attempts to create and monetise IoT botnets. This and other findings are a part of the ‘IoT: a malware story’ report on honeypot activity in H1 2019.
It said cyberattacks on IoT devices are booming, as even though more and more people and organisations are purchasing ‘smart’ (network-connected and interactive) devices, such as routers or DVR security cameras, not everybody considers them worth protecting.
It noted that cybercriminals, however, are seeing more and more financial opportunities in exploiting such gadgets, adding: “They use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions. To learn more about how such attacks work and how to prevent them, Kaspersky experts set up honeypots – decoy devices used to attract the attention of cybercriminals and analyse their activities.”
To keep your devices safe, Kaspersky recommends users install updates for the firmware as soon as possible, as once a vulnerability is found, it can be fixed through patches within updates.
“Always change preinstalled passwords. Use complicated passwords that include both capital and lower-case letters, numbers, and symbols if it’s possible. Reboot a device as soon as you think it’s acting strangely. It might help get rid of existing malware, but this doesn’t reduce the risk of getting another infection. Keep access to IoT devices restricted by a local VPN, allowing you to access them from your ‘home’ network, instead of publicly exposing them on the Internet.”
Besides, it recommended that companies use threat data feeds to block network connections originating from malicious network addresses detected by security researchers. Secondly, they need to make sure all devices software is up-to-date, adding that unpatched devices should be kept in a separate network inaccessible by unauthorised users.
Kaspersky said based on data analysis collected from honeypots, attacks on IoT devices are usually not sophisticated, but stealth-like, as users might not even notice their devices are being exploited. It noted that the malware family behind 39 per cent of attacks – Mirai – is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it.
Another technique, according to it is password brute-forcing, which is the chosen method of the second most widespread malware family in the list – Nyadrop. It said Nyadrop was seen in 38.57 per cent of attacks and often serves as a Mirai downloader. This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices, Gafgyt, with 2.12 per cent – also uses brute-forcing.
In addition, the researchers located the regions most prone to infection in H1 2019. These are China, with 30 per cent of all attacks taking place in this country; Brazil saw 19 per cent; Egypt (12 per cent). In H1 2018, the situation was different, with Brazil leading with 28 per cent, China 14 per cent, and Japan 11 per cent.
“As people become more and more surrounded by smart devices, we are witnessing how IoT attacks are intensifying. Judging by the enlarged number of attacks and criminals’ persistency, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. This is much easier than most people think: the most common combinations by far are usually “support/support”, followed by “admin/admin”, “default/default”. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices” – said Dan Demeter, a security researcher at Kaspersky,” it stated.
No comments yet