- Capitalising on the weak security of IoT products, cybercriminals are intensifying their attempts to create and monetise IoT botnets
- Cybercriminals use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions
- The malware family behind 39% of attacks – Mirai – is capable of using exploits
- Nyadrop was seen in 38.57% of attacks and often serves as a Mirai downloader
- The third most common botnet threatening smart devices – Gafgyt with 2.12% – uses brute-forcing
Kaspersky detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of 2019. This figure is around nine times the number detected in H1 2018, when only around 12 million attacks were spotted, originating from 69,000 IP addresses.
According to a report on honeypot activity in H1 2019, cybercriminals are intensifying their attempts to create and monetise IoT botnets by using the weak security of IoT products.
Cyberattacks on IoT devices are increasing, as even though more and more people and organisations are purchasing ‘smart’ devices. Cybercriminals use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions. Kaspersky experts have set up honeypots – decoy devices used to attract the attention of cybercriminals and analyse their activities.
More about the malware family
The report showed that the malware family behind 39% of attacks – Mirai – is capable of using exploits, meaning that these botnets can get onto a device through old, unpatched vulnerabilities and take control of it. Another technique is password brute-forcing, which is the chosen method of the second most widespread malware family in the list – Nyadrop. Nyadrop was seen in 38.57% of attacks and often serves as a Mirai downloader. The third most common botnet threatening smart devices – Gafgyt with 2.12% – also uses brute-forcing.
Most affected regions
The researchers also mentioned the regions that became sources of infection most often in H1 2019. These are China, with 30 per cent of all attacks taking place in this country, followed by Brazil with 19 per cent and Egypt with 12 per cent.
What Kaspersky recommends
- Install updates for the firmware you use as soon as possible.
- Always change preinstalled passwords. Use complicated passwords that include both capital and lower-case letters, numbers and symbols.
- Reboot a device as soon as you think it’s acting strangely.
- Keep access to IoT devices restricted by a local VPN, allowing you to access them from your “home” network, instead of publicly exposing them on the internet.
Kaspersky also recommends that companies use threat data feeds to block network connections originating from malicious network addresses detected by security researchers. All device software should also be kept up to date, and unpatched devices should be kept in a separate network inaccessible to unauthorised users.