IoT Devices Under Attack; China Top Source
By EDD K. USMAN, SDN, Twitter: @edd1819, Instagram: @bluestar0910, Facebook: SDN — Science, Digital & Current News
(SDN) — INTERNET of Things (IoT) devices continue to be under constant attack.
Kaspersky research showed China (30%) is the number one source of the worldwide onslaught, followed by Brazil (19%), and third (surprise?), the land of the pharaohs, Egypt (12%).
The global cybersecurity company recalled that Chinese attackers put their country — 14% — only at number two in the first six months of 2018. Brazil — 19% — was the top source of malware infections then.
But for the same period in 2019, the roles have reversed.
In 2018, Japanese hackers put Japan — 11% — at number three; now it’s Egypt.
Kaspersky cybersecurity researchers’ findings were compiled in “IoT: A Malware Story”, in which they noted that cybercriminals have been capitalizing on IoT products’ weak security and intensifying their attacks in their attempts to create and monetize botnets.
For the research, Kaspersky created honeypots, which it described as networks of virtual copies of various internet connected devices and applications. The honeypots have uncovered 105 million attacks on IoT devices launched from 276,000 unique IP addresses for the first half of the year (H1 2019).
The rise in the number of unique IP addresses from which cybercriminals launched their attacks looks staggering: there were only 69,000 IP addresses and some 12 million attacks in H1 2018, a ninefold increase.
Kaspersky, a Russian cybersecurity firm, noted the escalating cyberattacks on IoT devices as more and more people and organizations purchase “smart” devices, which are network-connected and interactive. The devices include routers and DVR security cameras. The problem is that although these devices are being leveraged, some people don’t see them as worth protecting.
This leaves the door open for cyber bad guys out to make money. They see more and more dollar signs in exploiting such gadgets and they utilize networks of infected smart devices to launch DDoS attacks or as a proxy for other types of malicious actions.
Kaspersky wanted to learn more about how such attacks work and ways to prevent them, thus it set up honeypots — decoy devices used to attract the attention of cybercriminals and analyze their activities.
From analysis of the data collected from the honeypots, it was learned that attacks on IoT devices are usually not sophisticated but stealthy, as users might not even notice their devices are being exploited.
The malware family behind 39% of attacks — Mirai — is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it.
Another technique is password brute-forcing, which is the chosen method of the second most widespread malware family in the list – Nyadrop.
The data revealed that Nyadrop was involved in 38.57% of attacks and often serves as a Mirai downloader. This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices — Gafgyt with 2.12% — also uses brute-forcing.
A Kaspersky researcher, Dan Demeter, noted the increased usage of IoT devices and the rise in attacks.
“As people become more and more surrounded by smart devices, we are witnessing how IoT attacks are intensifying. Judging by the increased number of attacks and criminals’ persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing passwords and login combinations,” he pointed out.
He advised users to change the default password of their devices.
“This is much easier than most people think: the most common combinations by far are usually ‘support/support’, followed by ‘admin/admin’, ‘default/default’. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices,” Demeter said.
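The kind of tally a honeypot operator runs over login attempts, shown here as an added example that is not Kaspersky's code: it counts attempts and unique source IPs, counts hits on the three default pairs quoted above, and flags sources that try several different credential pairs. The log line format, the sample lines and the threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of honeypot login attempts (line format is an assumption).
SAMPLE_LOG = """\
2019-06-01T10:00:01Z telnet src=198.51.100.7 user=support pass=support
2019-06-01T10:00:02Z telnet src=198.51.100.7 user=admin pass=admin
2019-06-01T10:00:03Z telnet src=198.51.100.7 user=default pass=default
2019-06-01T10:00:04Z telnet src=198.51.100.7 user=root pass=12345
2019-06-01T10:05:00Z ssh src=203.0.113.20 user=admin pass=admin
2019-06-01T10:06:00Z ssh src=192.0.2.44 user=operator pass=Xk9!fLq2
malformed line without fields
"""

# Default pairs named in the article's quote.
DEFAULT_PAIRS = {("support", "support"), ("admin", "admin"), ("default", "default")}
LINE_RE = re.compile(r"^\S+ \w+ src=(\S+) user=(\S+) pass=(\S+)$")

def summarize(log_text, brute_threshold=3):
    """Summarize login attempts; unparseable lines are counted, not dropped silently."""
    attempts, skipped = 0, 0
    pairs_by_src = defaultdict(set)   # source IP -> distinct (user, password) pairs tried
    default_hits = Counter()          # "user/password" -> number of attempts
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        src, user, pw = m.groups()
        attempts += 1
        pairs_by_src[src].add((user, pw))
        if (user, pw) in DEFAULT_PAIRS:
            default_hits[f"{user}/{pw}"] += 1
    # A source cycling through many distinct pairs is guessing, not mistyping.
    brute = sorted(s for s, p in pairs_by_src.items() if len(p) >= brute_threshold)
    return {
        "attempts": attempts,
        "unique_sources": len(pairs_by_src),
        "default_hits": dict(default_hits),
        "brute_force_sources": brute,
        "skipped": skipped,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```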
Kaspersky gave recommendations on how to keep devices safe:
- Install updates for the firmware you use as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
- Always change preinstalled passwords. Use complicated passwords that include both capital and lowercase letters, numbers and symbols if it’s possible.
- Reboot a device as soon as you think it’s acting strangely. It might help get rid of existing malware, but this doesn’t reduce the risk of getting another infection.
- Keep access to IoT devices restricted by a local VPN, allowing you to access them from your “home” network, instead of publicly exposing them on the internet.
Companies should take the following measures:
- Use threat data feeds to block network connections originating from malicious network addresses detected by security researchers.
- Make sure all device software is up to date.
- Unpatched devices should be kept in a separate network inaccessible by unauthorized users.
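One way to apply the first measure, as an added example that is not from Kaspersky: load a threat data feed of addresses and CIDR ranges, reject entries that do not parse, and decide block or allow for each inbound connection. The feed format, the feed entries and the connection list are constructed assumptions; the addresses come from documentation ranges.

```python
import ipaddress

# Constructed feed: one IP or CIDR per line, '#' starts a comment (format is an assumption).
FEED = """\
# constructed threat feed
198.51.100.0/24
203.0.113.20      # single host
not-an-address
2001:db8:bad::/48
"""

# Constructed inbound connections: (source address, destination port).
CONNECTIONS = [
    ("198.51.100.7", 23),
    ("203.0.113.20", 22),
    ("203.0.113.21", 22),
    ("2001:db8:bad::1", 8080),
    ("192.0.2.10", 443),
]

def load_feed(text):
    """Return (networks, rejected_entries); bad entries are reported, never guessed at."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return nets, rejected

def decide(connections, nets):
    """Return (src, port, verdict, matching_feed_entry) for each connection."""
    decisions = []
    for src, port in connections:
        addr = ipaddress.ip_address(src)
        hit = next((n for n in nets if n.version == addr.version and addr in n), None)
        decisions.append((src, port, "block" if hit else "allow", str(hit) if hit else None))
    return decisions

if __name__ == "__main__":
    networks, bad = load_feed(FEED)
    print("rejected feed entries:", bad)
    for d in decide(CONNECTIONS, networks):
        print(d)
```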
The Russian tech company has a cybersecurity team dubbed GReAT (Global Research and Analysis Team). (SDN)