A new report from Kaspersky found attacks on Internet-of-Things (IoT) devices have more than doubled since 2020, as cyber threat actors increasingly turn their attention to the devices to steal sensitive data, hijack them and add them to botnets for conducting DDoS attacks, and install cryptocurrency miners.
Between January 1 and June 30, 2021, Kaspersky says telemetry data collected through its honeypots shows there were 1.5 billion attempted IoT attacks, compared to 639 million in the first half of 2020.
Smart devices have proven to be popular with consumers, who now have an increasing number of personal devices in their homes that are Internet connected, from smartphones to alarm systems, TVs and even washing machines. These IoT-connected devices have become an essential part of modern life and as usage has grown, so too has the number of attacks by cyber threat actors.
While attacks can result in the theft of personal data, the pandemic has put far more at risk. Many employees have been working from home due to country-wide lockdowns, and work-from-home (WFH) policies have placed corporate devices and data at risk. Cybercriminals have targeted the home networks of WFH employees and are conducting attacks to gain access to corporate resources. They are well aware that many companies have not managed to implement appropriate security protections to defend against a much more expansive attack surface. The flaws in the new network perimeter are being exploited.
With so many individuals now accessing corporate networks remotely, identifying unauthorized traffic has become much more difficult. Many companies do not have full visibility into the devices that are now connecting to their networks, and the vastly expanded attack surface has made it much easier for attackers to connect remotely to corporate networks and remain hidden.
The number of attack vectors has also increased. The operators of the Lemon Duck botnet, for instance, have targeted IoT devices with their self-propagating malware and are compromising vast numbers of IoT devices to mine the Monero cryptocurrency. Kaspersky researchers identified 12 different infection vectors that were being used by the gang to compromise IoT and other devices. One of the most common attack vectors is brute force attacks on IoT devices with weak or default passwords.
Brute force attacks on enterprise telnet credentials were the most common. Kaspersky’s telemetry shows the number of attacks on its telnet honeypots increased from 460,703,861 in 1H 2020 to 872,345,837 in 1H 2021. While these attacks are the most common, the biggest increase was seen in basic web attacks which rose from 142,245,141 in 1H 2020 to 514,749,073 in 1H 2021, while attacks via SSH increased from 36,206,940 to 128,619,349 over the same period – an increase of 262%.
Other common attack vectors include the exploitation of vulnerabilities in IoT devices, which are now being discovered much more often. The researchers noted that one of the flaws in the batch of BrakTooth vulnerabilities discovered by researchers at the University of Singapore – which affect Bluetooth stacks on system-on-a-chip (SoC) circuits from multiple vendors – allows code execution on smart devices. Attackers could exploit the flaw to gain control of IoT devices connected to home networks and install spyware, steal data, or add devices to botnets.
IoT device vulnerabilities are typically not addressed as quickly as vulnerabilities in laptop and desktop computers, which gives attackers a much longer window of opportunity for exploiting the flaws. Kaspersky says it has observed more exploits for IoT device vulnerabilities being weaponized by cyber threat actors than ever before.
Many people do not believe they are at risk of being targeted by hackers, but these attacks are being conducted with increased frequency and the aim is to compromise as many devices as possible. If vulnerabilities are not addressed, there is a risk that home networks will be compromised.
It is therefore vital to adopt good cyber hygiene practices to keep IoT devices secure. They include ensuring firmware on IoT devices is updated as soon as possible after new versions are released, changing default passwords, setting strong passwords to improve resiliency against brute force attacks, implementing security solutions that cover IoT devices as well as computers, and ensuring that IoT devices are rebooted immediately if they are observed acting strangely.