Security experts at Kaspersky report the number of IoT malware attacks have more than doubled over the past year.
Kaspersky monitor attacks with a ‘honeypot’ of insecure devices which imitate IoT devices. In 2016, the company detected 3,219 samples of different malware. As of May this year, Kaspersky’s honeypot caught 7,242 samples.
The rapidly increasing number of IoT devices around the globe has always been expected to be a prime target for cybercriminals. As we saw in the record-breaking DDoS (Distributed Denial of Service) attack on Dyn last year, the sheer amount of traffic from various locations all over the world can overwhelm even the best defenses.
But although botnets are the most common scenario and can be devastating to businesses who fall victim to attacks, they’re not the biggest concern for individuals. Malware can make consumer devices perform illegal activities or be used to spy on users for blackmail purposes. When infected, perhaps the best a user can hope for is that it simply bricks the device…
Earlier this year, an IoT malware variant called ‘BrickerBot’ began circulating. As the name suggests, its sole purpose is to render devices unusable. The malware has been praised by some in the cybersecurity field – with many observing it could have been created by a vigilante hacker – as it’s prevented insecure devices otherwise being hijacked for nefarious purposes. While it bricks devices which consumers have spent their hard-earned cash on, it could prevent them landing in prison or becoming the victim of blackmail. Furthermore, the consumer is within their right to demand a replacement or refund from the device manufacturer for not ensuring their product is adequately secured and safe to use.
One of the most common vulnerabilities is the use of default admin passwords which users aren’t prompted to change. Over 63% of infected devices which attacked Kaspersky’s honeypot could be identified as DVR services or IP cameras, while about 20% were different types of network devices and routers from all the major manufacturers. 1% were WiFi repeaters and other network hardware, TV tuners, Voice over IP devices, Tor exit nodes, printers and ‘smart-home’ devices. About 20% of devices could not be identified unequivocally.
Within ‘just a few seconds’ of setting up their honeypot, Kaspersky began seeing attempted connections to an open telnet port. Over a 24-hour period, there were ‘tens of thousands of attempted connections from unique IP addresses.’
Kaspersky’s research makes it clear the plight of insecure IoT devices remains a growing threat and manufacturers need to ensure their products are secure before they’re made public and/or issue software patches urgently to existing customers. Until then, Kaspersky recommends blocking your device from being accessed outside your local network where possible, and to change any default passwords before the product is used online.
Are you surprised at the pace of IoT malware growth? Share your thoughts in the comments.
Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.