IoT under fire: More than 100 million attacks on smart devices in H1 2019

Cybercriminals, however, are seeing more and more financial opportunities in exploiting such gadgets.

Update: 2019-10-24 05:41 GMT
F-Secure's detection and response solutions detected 15 threats in a single month at a company with 1300 endpoints and 7 threats in a single month at a company with 325 endpoints.

Kaspersky honeypots – networks of virtual copies of various internet-connected devices and applications – have detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year. This figure is around nine times more than the number found in H1 2018 when only around 12 million attacks were spotted originating from 69,000 IP addresses. Capitalizing on weak security of IoT products, cybercriminals are intensifying their attempts to create and monetize IoT botnets. This and other findings are a part of the ‘IoT: a malware story’ report on honeypot activity in H1 2019.

Cybercriminals, however, are seeing more and more financial opportunities in exploiting such gadgets. They use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions. To learn more about how such attacks work and how to prevent them, Kaspersky experts set up honeypots - decoy devices used to attract the attention of cybercriminals and analyze their activities.

Based on data analysis collected from honeypots, attacks on IoT devices are usually not sophisticated, but stealth-like, as users might not even notice their devices are being exploited. The malware family behind 39 per cent of attacks - Mirai - is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it. Another technique is password brute-forcing, which is the chosen method of the second most widespread malware family in the list – Nyadrop. Nyadrop was seen in 38.57 per cent of attacks and often serves as a Mirai downloader. This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices - Gafgyt with 2.12 per cent - also uses brute-forcing.

In addition, the researchers were able to locate the regions that became sources of infection most often in H1 2019. These are China, with 30 per cent of all attacks taking place in this country, Brazil saw 19 per cent and this is followed by Egypt (12 per cent). A year ago, in H1 2018 the situation was different, with Brazil leading with 28 per cent, China being second with 14 per cent and Japan following with 11 per cent.

Tags:    

Similar News