Cybercriminals take advantage of the poor security of IoT devices to intensify their attempts to create and monetize IoT botnets.
Kaspersky honeypots have detected 105 million attacks on IoT devices from 276,000 unique IP addresses in the first half of the year. This figure is seven times higher than that registered in the same period of 2018 when only about 12 million attacks from 69,000 IP addresses were detected.
Cybercriminals take advantage of the poor security of IoT products to intensify their efforts to create and monetize botnet s of IoT. This is one of the conclusions of the report prepared by the company, ‘IoT: a malware story’ about the activity of honeypots in the first half of 2019 ‘.
Cyber attacks on IoT devices continue to rise. Although more and more people and organizations acquire smart devices (interactive and connected to the network), such as routers or DVR security cameras, not everyone considers it necessary to protect them. However, cybercriminals see more and more financial opportunities in the exploitation of these gadgets.
They use infected smart device networks to perform DDoS attacks or as a proxy for other types of malicious actions. To learn more about how these attacks work and how to prevent them, Kaspersky experts installed honeypots to attract the attention of cybercriminals and analyze their activities.
The Mirai family of malware can go unnoticed through old and unpatched vulnerabilities of the device and control it.
Sophisticated attacks and stealth
According to the analysis of the data collected by the honeypots, attacks on IoT devices are usually not sophisticated, but of a stealthy type, so that users do not even realize that their devices are being attacked. The family of malware behind 39% of the attacks, the Mirai, is capable of using exploits, which means that these botnets can go unnoticed through old and unpatched vulnerabilities of the device and control it.
Another of the techniques used are brute force attacks to get passwords, the method chosen by the second most widespread malware family on the list: Nyadrop. Nyadrop was present in 38.57% of the attacks and often served as a Mirai downloader. This family has become one of the most active threats for a couple of years. The third most common botnet that threatens these intellective devices is Gafgyt (2.12%) that also uses the brute force technique.
