100M smart devices hit in first half of 2019

    117

    VULNERABLE Internet of Things or IoT devices are one of the known entry points for malware and spyware. Sometimes infiltrating networks and systems, other times using the device itself to listen through the microphone or see what the camera is seeing.

    Ever since the proliferation of Mirai, attacks that use exploits swarmed unprotected—mostly China-made CCTV cameras gaining access to their image processors—became commonplace.

    Honeypots, networks of virtual copies of various Internet connected devices and applications over the Web are decoy devices are used to attract the attention of cybercriminals so that security experts like Kaspersky can analyze their activities.

    Kaspersky’s Honeypot detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first half of 2019, nine times more than the same time last year 2018, when only around 12 million attacks were spotted originating from 69,000 IP addresses.

    Network-connected and interactive, or “smart” devices, such as routers or DVR security cameras are becoming widespread, yet security is not top priority for many, thus giving cybercriminals opportunity to tap the vast financial opportunities in exploiting such gadgets.

    They use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions.

    Based on data analysis collected from these honeypots, it was discovered that attacks on IoT devices are usually not sophisticated, but more stealth-like, as users might not even notice their devices are being exploited. Mirai, the malware family behind 39 percent of attacks is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it.

    Nyadrop, a relatively newer but less prevalent exploit was detected in 38.57 percent of attacks and often serves as a Mirai downloader.

    Gafgyt comes in third with 2.12 percent presence. Both exploits use password brute-forcing attacks.

    Researchers were also able to identify the locations where most infections were discovered to have originated during the first six months of 2019. China is number one with 30 percent of all attacks followed by Brazil with 19 percent, then Egypt with 12 percent. In the same period last year, Brazil topped the list with 28 percent, China with 14 percent and Japan with 11 percent.

    The ways to protect devices against these attacks are simple and readily available, and is applicable for both for individuals and enterprises. First, is to check for, download and install updates for the device firmware as soon as possible. Vulnerabilities are fixed through patches within updates.

    It is always highly recommended to change preinstalled passwords. Using complicated passwords that include both capital and lowercase letters, numbers and symbols gets high levels of protection. Third, reboot a device that’s acting strangely. It might help get rid of existing malware but won’t guarantee another attack thus fourth recommendation is to keep access to IoT devices restricted by a local VPN. This allows access them from the home or main network, instead of publicly exposing these over the Internet.