Image © mbeo. Used under CC BY-NC-ND 2.0 licence.
Kaspersky says its networked virtual copies of various IoT devices and applications have detected 105 million attacks in the first six months of 2019, a 12 fold increase on H1 2018.
According to Kaspersky many people and organisations consider it unnecessary to protect these devices, but cyber criminals see financial opportunities in exploiting such gadgets to conduct DDoS attacks, or as proxies for other types of malicious actions.
“Based on data analysis collected from honeypots, attacks on IoT devices are usually not sophisticated, but stealth-like, as users might not even notice their devices are being exploited,” Kaspersky says.
“The malware family behind 39 percent of attacks — Mirai — is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it.”
According to Kaspersky password brute-forcing is the chosen attack method of the second most widespread malware family in the list – Nyadrop.
Nyadrop was seen in 38.57 percent of attacks and often serves as a Mirai downloader, Kasperky says.
This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices — Gafgyt with 2.12 percent — also uses brute-forcing.
Kaspersky also discovered a shift over the past year in the source of the attacks. In H1 2019 China accounted for 30 percent of all attacks followed by Brazil with 19 percent and Egypt with 12 percent. A year ago Brazil lead with 28 percent, China was second with 14 percent and Japan third with 11 percent.
Full details of Kaspersky’s findings can be found on Securelist and there is a (20 minute) presentation on its honeypot structure on YouTube.
