Woburn, MA, Oct. 15, 2019: Kaspersky “honeypots” have detected 105 million attacks on the Internet of Things (IoT) devices coming from 276,000 unique IP addresses in the first six months of 2019.
According to a release out out by Kaspersky, this was nearly nine times more than the number found in H1 2018, when about 12 million attacks were spotted, originating from 69,000 IP addresses. The findings come from Kaspersky’s “IoT: A Malware Story” report on honeypot activity in H1 2019.
To learn more about how such attacks work and how to prevent them, Kaspersky researchers set up honeypots, which are decoy devices used to attract the attention of cybercriminals and analyse their activities.
According to the analysis of honeypot data, attacks on IoT devices were generally not sophisticated, but were stealthy, leaving users unaware that their devices were being exploited, said Kaspersky.
Mirai, the malware family behind 39 per cent of the attacks, was capable of using exploits, meaning that these botnets could slip through old, unpatched vulnerabilities to the device and control it. Another technique was password brute-forcing, which was the method used by the second most widespread malware family in the list – Nyadrop. The latter was seen in 38.57 per cent of attacks and often serves as a Mirai downloader. The third most common botnet threatening smart devices, Gafgyt, was used in 2.12 per cent of attacks and also used brute-forcing.
The researchers also located the regions that were the sources of infection most often in H1 2019. Thirty percent of all attacks originated in China, followed by Brazil at 19 pc, and Egypt at 12pc. A year ago, in H1 2018, Brazil led with 28 pc, China was second at 14 pc and Japan followed with 11 pc.
As people become increasingly surrounded by smart devices, we are witnessing the way IoT attacks are intensifying. Judging by the enlarged number of attacks and criminals’ persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. This is much easier than most people think: the most common combinations, by far, are usually ‘support/support,’ followed by ‘admin/admin,’ and ‘default/default.’ It’s quite easy to change the default password, so we urge everyone to take this simple step toward securing your smart devices.
Dan Demeter, security researcher, Kaspersky
Read the full text of the report on Securelist.com
Image Credit: Kaspersky