In a worldwide study using honeypots to attract cyberattackers, Kaspersky finds that attacks on internet of things (IoT) devices have risen dramatically since 2018.
Kaspersky has just released its “IoT: A Malware Story” report, which says the multinational security company found 105 million attacks on IoT devices coming from 276,000 different IP addresses in the first half of 2019. This is nine times greater than the first six months of 2018. In 2018, in total, there were 12 million attacks on IoT devices. These devices can be anything connected to the internet, like routers, smart systems, cameras and even cutting-edge manufacturing machinery, making the threat to them one that can affect both consumers and businesses.
Attackers capitalize on IoT devices’ weak security
The report’s press release says cyberattacks on IoT devices are “booming,” and that:
“As more and more people and organizations are purchasing network-connected smart devices, such as routers or DVR security cameras, without recognizing the security risks. Cybercriminals are intensifying their attempts to create and monetize IoT botnets, capitalizing on the devices’ weak security.”
An earlier report by F-Secure, on September 14, warns that cyberattacks on IoT devices are, according to Forbes, “accelerating at an unprecedented rate.” F-Secure’s report, “Attack Landscape H1 2019,” declares a three-times increase in this type of attack, up to 2.9 billion events. F-Secure also uses honeypots and says it’s the first time that honeypot attacks have “hit the billion mark.”
What are honeypots?
Honeypots are a cybersecurity tool and decoy that mimic attack targets and attract cyberattackers. They can be used to either detect or deflect attacks, and to gain valuable information about how cybercriminals operate. With the increasing sophistication of attack vectors, tactics like honeypots are vital for cybersecurity professionals to keep ahead of criminals.
Research using honeypots by Norton parent Symantec in 2015 allowed it to pinpoint the geographic location of attacking IP addresses. The research also found that some of the first passwords attackers tried in order to access IoT systems were “admin” and “123456,” a revelation that proves that cyberattackers still expect businesses and consumers to be using such simple passwords.
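As an added illustration (not code from Symantec, Kaspersky or this article), the example below shows the kind of tally a honeypot operator can run over recorded login attempts to see which passwords each source tries first and which sources are cycling through credentials. The log format, field names, threshold and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: login attempts in a hypothetical Telnet honeypot log format.
SAMPLE_LOG = """\
2019-06-01T00:00:03Z src=203.0.113.7 proto=telnet user=admin pass=admin
2019-06-01T00:00:04Z src=203.0.113.7 proto=telnet user=admin pass=123456
2019-06-01T00:00:05Z src=203.0.113.7 proto=telnet user=root pass=root
2019-06-01T00:01:10Z src=198.51.100.23 proto=telnet user=admin pass=admin
2019-06-01T00:01:12Z src=198.51.100.23 proto=telnet user=admin pass=123456
2019-06-01T00:02:40Z src=192.0.2.99 proto=telnet user=operator pass=Tr1cky-Long-Passphrase
garbled line from a scanner that sent binary data
"""

# Fields: timestamp, source address, protocol, username, password (may be empty).
LINE_RE = re.compile(r"^(\S+) src=(\S+) proto=(\S+) user=(\S*) pass=(.*)$")

def parse_line(line):
    """Return (ts, src, proto, user, password), or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None

def summarize(log_text, guess_threshold=3):
    """Tally honeypot login attempts by credential and by source address."""
    creds = Counter()                # (user, password) -> times tried
    first_password = {}              # src -> first password that source tried
    pairs_by_src = defaultdict(set)  # src -> distinct credential pairs tried
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:              # keep count of lines we could not parse
            skipped += 1
            continue
        _, src, _, user, password = rec
        creds[(user, password)] += 1
        first_password.setdefault(src, password)
        pairs_by_src[src].add((user, password))
    return {
        "attempts": sum(creds.values()),
        "sources": len(pairs_by_src),
        "top_credentials": creds.most_common(2),
        "first_passwords": Counter(first_password.values()),
        # Sources trying several distinct pairs are guessing, not mistyping.
        "guessing_sources": sorted(
            s for s, p in pairs_by_src.items() if len(p) >= guess_threshold),
        "skipped_lines": skipped,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```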
Attackers guess IoT device passwords
One Kaspersky security researcher, Dan Demeter, says:
“Judging by the enlarged number of attacks and criminals’ persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. It’s quite easy to change the default password, so we urge everyone to take this simple step toward securing your smart devices.”
According to a Verizon Data Breach Investigations Report in 2018, reported by Trace Security, 81% of company data breaches were due to poor passwords, and 70% of employees reuse passwords at work. PixelPrivacy says that Millennials aged 18-31 are the worst for poor passwords, with 87% admitting they reuse passwords even though they know not to.
20,000 infections every 15 minutes to just 50 honeypots
Kaspersky’s latest IoT cybersecurity study, reported by TechRepublic on October 15, used 50 honeypots that simulated web servers and real devices. Some were discovered and revealed by cyberattackers, but over the course of a year the honeypots tracked 20,000 infections every quarter of an hour.
The attack vectors included Mirai, a malware family that targets weak IoT devices for use in large-scale DDoS attacks. It was Mirai that was used in 2016, resulting in the largest internet failure in US history.
Kaspersky says 30% of the attacks originated in China, 19% in Brazil and 12% in Egypt. In 2018 more IoT attacks came from Brazil, at 28%, then China, generating 14% of attacks, and Japan, at 11%. It’s worth noting that these geographic observations may be based on IP addresses rather than the location or nationality of the actual attacker.
Breached IoT devices can be used in further cyberattacks, to release malware, and to otherwise attack the networks they are connected to.
Cybersecurity protection for IoT devices
In the report, Kaspersky makes a number of recommendations, including:
- Keep on top of update installs, as this is how vulnerabilities are fixed by IoT makers
- Change preinstalled passwords and use complicated passwords
- If a device acts strangely, reboot it, but this won’t prevent future attacks
- Restrict IoT devices to a local VPN or internet provider rather than risking public exposure
And for businesses:
- Using threat data feeds to block network connections coming from known malicious networks
- Ensuring all software is up to date and putting unpatched devices on a separate network where they cannot be accessed by unauthorised users.
Cyberattacks on IoT devices are a further example of where emerging technologies are creating new sources of risk for businesses and consumers and new opportunities for attackers. Artificial intelligence (AI) is also creating new threats to organisations, and even drones could be used to breach a business physically or digitally.