Over 105 million cyberattacks on Internet of Things devices detected in first half of 2019
In the first six months of the year, Kaspersky Honeypots detected over 105 million cyberattacks on Internet of Things (IoT) devices originating from 276,000 unique IP addresses.
This estimate is nearly nine times higher than that observed in H1 2018, when only about 12 million attacks were detected originating from 69,000 IP addresses.
Capitalizing on the weak security of IoT products, cyber criminals are stepping up their attempts to create and monetize IoT botnets, Kaspersky said.
This and other findings form part of the’ IoT: a malware story ‘ report on honeypot activity in H1 2019.
Kasperksy said, “Based on data analysis collected from honeypots, attacks on IoT devices are usually not sophisticated, but stealth-like, as users might not even notice their devices are being exploited.”
“The malware family behind 39% of attacks – Mirai – is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it. Another technique is password brute-forcing, which is the chosen method of the second most widespread malware family in the list – Nyadrop.”
“Nyadrop was seen in 38.57% of attacks and often serves as a Mirai downloader. This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices – Gafgyt with 2.12% – also uses brute-forcing.”
Cyber attacks on IoT systems are booming, as though more and more people and organizations are buying’ smart’ (network-connected and interactive) devices, such as routers or DVR security cameras, not everyone finds them worth protecting. Nevertheless, cyber criminals are seeing more and more financial opportunities to hack these devices.
Dan Demeter, security researcher at Kaspersky, said, “As people become more and more surrounded by smart devices, we are witnessing how IoT attacks are intensifying. Judging by the enlarged number of attacks and criminals’ persistency, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations.”
“This is much easier than most people think: the most common combinations by far are usually “support/support”, followed by “admin/admin”, “default/default”. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices”.
To learn more about how these attacks operate and how to stop them, Kaspersky experts have set up honeypots–decoy devices that are used to attract the attention of cyber criminals and to observe their activities.
Key insights from Europol-ENISA IoT Security Conference
Europol and the European Agency for Network and Information Security (ENISA) have joined forces to gather the leading experts from the private sector, law enforcement and cyber-security community to discuss the security challenges around Internet of Things (IoT).
The main recommendations of the conference were:
- systems are no exception.”
- “Law enforcement needs to be in a position to go beyond defence and incident response by being able to investigate and prosecute the criminals abusing connected devices.”
- “There is a need to discuss digital forensics in regard to IoT and the importance of data and privacy protection, considering the amount and different categories of data collected by the IoT.”
- “ENISA and Europol should continue working closely together to inform key stakeholders of the need to be aware of the cybersecurity and criminal aspects associated with deploying and using these devices.”
- “In 2019 and beyond, holistic, pragmatic, practical and economically viable security solutions need to be promoted and the entire IoT ecosystem needs to be looked into.”
- “Cybersecurity is a shared responsibility. Stronger collaborations with industry are planned together with other initiatives to ensure coordinated efforts and explore all possible synergies.”
Cybersecurity Insight Analysis
In addition, researchers have been able to locate regions that have become the most frequent sources of infection in H1 2019. These are China, with 30 per cent of all attacks taking place in this country, with Brazil responsible for 19 per cent, followed by Egypt (12%). A year later, in 2018, the situation was different, with Brazil at 28 per cent, China at 14 per cent, and Japan at 11 per cent.