International. Kaspersky honeypots, networks of virtual copies of various devices and applications connected to the Internet, have detected 105 million attacks on IoT devices from 276,000 unique IP addresses in the first six months of the year.
This figure is seven times more than the number found in the first half of 2018, when only about 12 million attacks from 69,000 IP addresses were detected. Taking advantage of the weak security of IoT products, cyber criminals intensify their attempts to create and monetize IoT botnets. This and other findings are part of the "IoT: A Malware Story" report on honeypot activity in the first half of 2019.
Cyber attacks on IoT devices are booming, as while more and more people and organizations are buying "smart" (network-connected and interactive) devices, such as routers or DVR security cameras, not everyone considers them worth protecting.
However, cybercriminals see more and more financial opportunities in the exploitation of such devices. They use networks of infected smart devices to perform DDoS attacks or as a proxy for other types of malicious actions. To learn more about how these attacks work and how to prevent them, Kaspersky experts set up honeypots: decoy devices used to attract the attention of cybercriminals and analyze their activities.
According to analysis of data collected from honeypots, attacks on IoT devices are generally not sophisticated, but stealthy, as users might not even notice that their devices are being exploited. The malware family behind 39% of attacks, Mirai, is capable of using exploits, which means these botnets can pass through old, unpatched vulnerabilities of the device and control it.
Another technique is the brute force password, which is the method chosen by the second most widespread malware family on the list: Nyadrop. Nyadrop was seen in 38.57% of attacks and often serves as a Mirai downloader. This family has been one of the most active threats for a couple of years. The third most common smart device threatening the botnet, Gafgyt at 2.12%, also uses brute force.
In addition, the researchers were able to locate the regions that became most frequent sources of infection in the first half of 2019. These are China, with 30% of all attacks taking place in this country, Brazil saw 19% and Egypt follows (12). %). A year ago, in the first half of 2018, the situation was different, with Brazil leading with 28%, China being the second with 14% and Japan following with 11%.
To keep their devices safe, Kaspersky recommends users:
- Install updates for the firmware you use as soon as possible. Once a vulnerability is found, it can be fixed by patching within updates.
- Always change pre-installed passwords. Use complicated passwords that include uppercase and lowercase letters, numbers, and symbols if possible.
- Restart a device as soon as you think it's acting strangely. It can help remove existing malware, but this does not reduce the risk of getting another infection.
- Keep access to IoT devices restricted by a local VPN, allowing you to access them from your "home" network, rather than publicly exposing them on the internet. Wireguard is a simple, open-source VPN solution that may be interesting to try.
Kaspersky recommends that companies take the following steps:
- Use threat data to block network connections that originate from malicious network addresses detected by security researchers.
- Make sure the software on all devices is up to date. Unpatched devices should be kept on a separate network, inaccessible to unauthorized users.
