Digital attacks targeting IoT devices are booming as more and more people and organizations buy "smart" (networked and interactive) devices.
Kaspersky's honeypots - decoy networks of various Internet-connected devices and applications - detected 105,000,000 attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year.
This number is about nine times higher than in the first half of 2018, when about 12,000,000 attacks were detected coming from 69,000 IP addresses. Taking advantage of the weak security of IoT products, digital criminals are stepping up their attacks in order to monetize IoT botnets.
This and other findings are part of the "IoT: a history of malware" report on honeypot activity in the first half of 2019.
Digital attacks on IoT devices are booming, and even though more and more people and organizations are buying "smart" (networked and interactive) devices, such as routers or DVR security cameras, not everyone considers them worthy of protection. However, digital criminals are seeing more and more financial opportunities to exploit such gadgets. They use networks of "infected" smart devices to carry out DDoS attacks or as a proxy for other types of malware. To learn more about how these attacks work and how to prevent them, Kaspersky's experts set up honeypots as bait to catch the attention of digital criminals and analyze their activities.
Based on the analysis of data collected from the honeypots, attacks on IoT devices are not usually sophisticated, but they tend to be stealthy: users may not even notice that their devices are being exploited. Mirai, the malware family behind 39% of attacks, is able to use exploits, which means that these botnets can slip into a device through old, unpatched vulnerabilities and take control of it. Another technique is brute-forcing passwords, which is the method chosen by the second most common family of malware on the list - Nyadrop.
To keep their devices safe, Kaspersky recommends that users:
- Install updates for the firmware you are using as soon as possible. Once a vulnerability has been identified, it can be fixed via patches within the updates.
- Always change pre-installed passwords. Use complex passwords that include uppercase and lowercase letters, numbers, and symbols if possible.
- Restart a device as soon as you think it is behaving strangely. It may help to get rid of existing malware, but this does not reduce the risk of another "infection".
- Keep access to IoT devices restricted through a local VPN, which will allow you to access them from your "home" network instead of being publicly exposed on the internet.
Kaspersky recommends that companies take the following steps:
- Use threat data feeds to block network connections from malicious network addresses detected by security researchers.
- Make sure the software on all devices is up to date. Vulnerable devices must be kept on a separate network that is not accessible to unauthorized users.
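
The threat-feed recommendation above can be illustrated with a short added example (not Kaspersky's code). It assumes a hypothetical feed format of one IP or CIDR per line and a hypothetical connection-log format; all addresses and log lines are constructed, and the function names are illustrative.

```python
import ipaddress

# Constructed feed (assumed format): one IP or CIDR per line, '#' comments.
# Addresses come from the RFC 5737 / RFC 3849 documentation ranges.
FEED = """\
# sample threat feed (constructed)
203.0.113.0/28
198.51.100.77
2001:db8:bad::/48
not-an-address
"""

# Constructed connection log (assumed format): "<timestamp> <src> -> <dst>:<port>"
LOG = """\
2019-06-01T10:00:01 203.0.113.5 -> 192.168.10.20:23
2019-06-01T10:00:02 192.0.2.14 -> 192.168.10.20:80
2019-06-01T10:00:03 198.51.100.77 -> 192.168.10.21:2323
2019-06-01T10:00:04 2001:db8:bad::1 -> 192.168.10.21:23
2019-06-01T10:00:05 203.0.113.40 -> 192.168.10.20:23
"""

def load_feed(text):
    """Parse feed lines into networks; collect malformed entries separately."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # surface bad entries instead of dropping them
    return nets, rejected

def sources_to_block(log_text, nets):
    """Return {source address: hit count} for log sources listed in the feed."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "->":
            continue  # not a connection record
        try:
            src = ipaddress.ip_address(parts[1])
        except ValueError:
            continue
        if any(src.version == n.version and src in n for n in nets):
            hits[str(src)] = hits.get(str(src), 0) + 1
    return hits
```

The returned addresses are what would be handed to the firewall or ACL tooling protecting the IoT segment; rejected feed entries are worth logging, since a feed that silently fails to parse blocks nothing.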