Woburn, MA – October 15, 2019 – Kaspersky honeypots detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of 2019. This figure is almost nine times greater than the number found in H1 2018, when about 12 million attacks were spotted, originating from 69,000 IP addresses. The findings come from Kaspersky’s “IoT: A Malware Story” report on honeypot activity in H1 2019.
Cyberattacks on IoT devices are booming, as more and more people and organizations are purchasing network-connected smart devices, such as routers or DVR security cameras, without recognizing the security risks. Cybercriminals are intenfsifying their attempts to create and monetize IoT botnets, capitalizing on the devices’ weak security. They use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions. To learn more about how such attacks work and how to prevent them, Kaspersky researchers set up honeypots – decoy devices used to attract the attention of cybercriminals and analyze their activities.
According to the analysis of honeypot data, attacks on IoT devices are generally not sophisticated, but are stealthy, leaving users unaware that their devices are being exploited. Mirai, the malware family behind 39% of attacks, is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it. Another technique is password brute-forcing, which is the method used by the second most widespread malware family in the list – Nyadrop. Nyadrop was seen in 38.57% of attacks and often serves as a Mirai downloader. This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices, Gafgyt, was used in 2.12% of attacks and also uses brute-forcing.
The researchers also located the regions that were the sources of infection most often in H1 2019. Thirty percent of all attacks originated in China, followed by Brazil at 19% and Egypt at 12%. A year ago, in H1 2018, Brazil led with 28%, China was second at 14% and Japan followed with 11%.
“As people become increasingly surrounded by smart devices, we are witnessing the way IoT attacks are intensifying,” said Dan Demeter, security researcher at Kaspersky. “Judging by the enlarged number of attacks and criminals’ persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. This is much easier than most people think: the most common combinations, by far, are usually ‘support/support,’ followed by ‘admin/admin,’ and ‘default/default.’ It’s quite easy to change the default password, so we urge everyone to take this simple step toward securing your smart devices.”
Read the full text of the report on Securelist.com
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
Sawyer Van Horn