New malware campaigns such as Satori, Mirai and Hakai were being used to attack the honeypot's IoT devices within days of going public
Internet of Things (IoT) devices are an attractive target for attackers and are under continuous attack: over 150 million connection attempts have been witnessed in the last 15 months, according to recent findings by secure infrastructure company Cyxtera Technologies.
The research, titled “Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots,” was jointly conducted by Cyxtera’s threat researcher Martin Ochoa and researchers from Singapore University of Technology and Design.
Major countries prone to threat
According to the research findings, 64 per cent of incoming connections originated in China, followed by 14 per cent from the US. Other countries on the list include the UK with 9 per cent of incoming connections, Israel with 8 per cent and Slovakia with 6 per cent.
Immediately upon coming online, all the IoT devices recorded attempted logins and the number of login attempts increased gradually over time, the report states.
New malware campaigns such as Satori, Mirai and Hakai were being used to attack the honeypot's IoT devices within days of going public. In several cases, a rise in attack activity was identified in the days and weeks before the malware was openly named.
Commenting on the findings, Alejandro Correa Bahnsen, VP, Data Science, Cyxtera, said, “IoT devices are an attractive target for attackers, because they are often a security after-thought and it's harder to keep them patched and up-to-date – if patches are even available at all.”
Bahnsen further said, “The researchers involved in this project accurately detected several large-scale attacks targeting IoT devices and demonstrated the frequency and speed with which these devices are targeted. This approach can be replicated by other threat researchers to broaden our collective knowledge about these vulnerabilities.”
According to the report, the honeypot received 54 per cent of connections on the Telnet port, while all of the remaining connections were received on HTTP ports.
Most connections to the honeypot were received by IP cameras, which suggests attackers are more interested in these IoT devices than in other devices such as smart switches and printers.
Several recent large-scale attacks on IoT devices have targeted IP cameras, it adds.