Global cybersecurity specialist Kaspersky said that it has detected 105 million attacks on IoT devices coming from 276,000 unique IP addresses in the first six months of the year.
The company highlighted that this figure is seven times more than the number found in H1 2018, when only around 12 million attacks were spotted originating from 69,000 IP addresses.
The company said that these attacks had been detected by Kaspersky honeypots, which are networks of virtual copies of various internet connected devices and applications.
The security firm also said that cybercriminals are intensifying their attempts to create and monetize IoT botnets as more and more people and organizations are purchasing smart devices, such as routers or DVR security cameras.
Cybercriminals, however, are seeing more financial opportunities in exploiting such gadgets: they use networks of infected smart devices to conduct dedicated denial of service attacks or as a proxy for other types of malicious actions, Kaspersky said.
Based on Kaspersky’s data analysis attacks on IoT devices are usually not sophisticated, but stealth-like, as users might not even notice their devices are being exploited. The malware family behind 39% of attacks — Mirai — is capable of slipping in via old, unpatched vulnerabilities to the device and taking control. Another technique is password brute-forcing, which is the chosen method of the second most-widespread malware family in the list – Nyadrop. Nyadrop was seen in 38.57% of attacks and often serves as a Mirai downloader. The third most-common attack threatening smart devices — Gafgyt with 2.12% — also uses brute-forcing, the company said.
Kaspersky researchers were able to locate the regions that became sources of infection most often in the first half of 2019. These are China, with 30% of all attacks originating in this country, Brazil (19%) and Egypt (12%). A year ago, in H1 2018 the situation was different, with Brazil leading with 28%, China being second with 14% and Japan following with 11%.
“As people become more and more surrounded by smart devices, we are witnessing how IoT attacks are intensifying. Judging by the enlarged number of attacks and criminals’ persistency, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices,” said Dan Demeter, security researcher at Kaspersky Lab.
In order to avoid attacks, Kaspersky recommends companies to use threat data feeds to block network connections originating from malicious network addresses detected by security researchers. Companies also need to make sure all devices software is up to date, Kaspersky said.
Last month, a report by Kaspersky highlighted that almost 40% of computers used to control smart building automation system were subject to some kind of malicious attack in the first half of 2019.
This study concluded that while it is unclear if such systems were deliberately targeted, they often become a destination for various generic threats. Despite not being sophisticated, many of these threats may pose significant danger to everyday smart building operations, Kaspersky said.
Kaspersky’s report showed that Italy had the highest percentage of attacked smart building computers, with 48.5%, followed by Spain (47.6%), the U.K. (44.4%), Czech Republic (42.1%) and Romania (41.7%).
