Internet of Things devices are being targeted by cyber attacks within as little as five minutes of being powered up, and hackers are testing their ability to attack IoT devices behind firewalls, according to a new security report from Netscout.
Netscout said that in the past six months, it has observed “cybercriminal activity evolve into a stunningly efficient machine” and that IoT devices “continue to look like an all-you-can eat buffet for malware operators.”
“Our latest Threat Intelligence Report underscores how cybercriminals and crimeware have not only gone to business school, but they can now teach classes,” said Hardik Modi, NETSCOUT’s senior director of threat intelligence, in a statement. “With the cadence of attacks on the rise, businesses can no longer afford to compromise on security. IoT devices are under attack often within just five minutes of being powered up. The threats are real.”
Netscout said that the report on threats in the first half of 2019 “underscores how dramatically the cybercriminal business model has matured into an efficient, global operation.”
“Smart phones, smart homes, and even Apple software are prime targets as botmasters discover and quickly exploit new vulnerabilities,” the company said in its report summary, adding that “we’ve seen proof-of-concept malware targeting IoT devices behind firewalls, which adds another layer of complexity to organizations’ defense.”
The proof-of-concept malware which targets IoT devices behind firewalls “highlights a potentially devastating situation,” Netscout said, because there are 20 times more IoT devices behind firewalls than directly connected to the internet.
Netscout added that it saw “an alarming increase in the number and variants of Mirai in the wild and a significant spike in attempted attacks.” The 2016 emergence of the Mirai botnet attack utilized IoT devices in a massive distributed denial of service attack. Hacked internet of things devices, such as IP cameras, have contributed to the rise of automated botnets, and have been the focus of federal cybersecurity efforts. A 2018 report from the Department of Commerce found that attacks fueled by massive numbers of co-opted internet of things devices have overwhelmed the usual tools for fighting distributed denial of service attacks.
Router manufacturer D-Link recently settled a lawsuit by the Federal Trade Commission over its handling of security for its connected devices, with the company agreeing to bolster device security and undergo regular security audits. Netscout pointed to that example asa silver lining in the threat landscape, adding that it is “seeing more crackdowns on illicit operations, indictments of cybercriminals, and regulations on IoT device security. These efforts go a long way to making a better, more secure internet.”
In terms of DDoS attacks, Netscout said that attack frequency was up 39% in the first half of 2019, compared to the first half of 2018; mid-sized attacks between 100 Gbps and 400 Gbps saw a growth rate of 776%. Attacks larger than 500 Gbps declined 32%.
Netscout also said that cellular and satellite communications are being targeted much more frequently than a year ago, to the tune of a 255% year-over-year jump in attacks on satellite communications and a 193% rise in attacks on wireless communications systems. Wired telecom attacks grew by only about 16%.
Among the report’s other findings:
-Netscout said that attackers are “increasingly taking advantage of everything from smart home sensors to smartphones, routers, and even Apple software to discover and weaponize new attack vectors.”
-Automation and easy access mean that even novices can put together attacks. Netscout said that it worked with one university whose online test system and curriculum were under repeated local attack — likely by one of the university’s own students.
Netscout’s report is based on data from its Active Level Threat Analysis System, or ATLAS, and analysis from its ATLAS Security Engineering and Response Team. ATLAS powers the company’s Cyber Threat Horizon, a global cybersecurity situational awareness platform.