In the first half of 2021, 1.5 billion smart device attacks were recorded, with attackers attempting to steal data, mine cryptocurrencies, or create botnets.
According to analysts, cyberattacks against internet-of-things (IoT) devices increased by more than 100 percent in the first six months of 2021.
According to a Kaspersky analysis of data from honeypots shared with Threatpost, the company detected more than 1.5 billion IoT threats in the first half of 2018, up from 639 million in the previous half.
“Since IoT devices, such as smartwatches and smart home accessories, have become an indispensable part of our daily life, fraudsters have shifted their focus to this area,” said Dan Demeter, a security expert at Kaspersky. “We can observe that as user interest in smart devices grew, so did attacks.”
It’s worth noting that this isn’t just a personal issue. According to Red Canary’s Grant Oviatt, fraudsters are targeting corporate resources via home networks and in-home smart devices, since millions of people continue to work from home. They are well aware that businesses have yet to adjust to the new perimeter — or lack thereof.
“Over the past year, the lack of [incident] preparedness has become increasingly evident, especially with the influx of personal devices logging onto corporate networks, the resulting reduced endpoint visibility, expanded attack surface, and surge in attack vectors,” he wrote in a recent Threatpost Infosec Insider column.
In real-world attacks, Kaspersky found that the end goal of attacks on IoT gear is evolving: in addition to classic DDoS operations in which the devices are linked to a botnet, infected devices are being used to steal personal or corporate data and mine cryptocurrency.
For instance, the Lemon Duck botnet uses victims’ computing resources to mine the Monero virtual currency. It has self-propagating capabilities and a modular framework that allow it to infect additional systems, which then become part of the botnet too. It has at least 12 different initial-infection vectors – more than most malware – including targeting IoT devices with weak or default passwords. This includes brute-forcing attempts on enterprise telnet credentials (telnet being a protocol used to access and manage a device remotely).
Indeed, in Kaspersky’s telemetry, the attempted malicious connections used telnet most often; the rest used SSH and basic web connections.
In addition to weak passwords providing a way into IoT targets, a growing number of vulnerabilities are being discovered, making IoT devices more appealing to attackers. Cybercriminals are weaponizing exploits in greater numbers than ever before, according to the company.
Just last week for instance, a collection of vulnerabilities dubbed BrakTooth was disclosed, affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors. One of the bugs allows code-execution on smart devices, researchers from the University of Singapore found – making them available to botnets and data thieves armed with spyware.
“This has serious implications if such an attack is applied to Bluetooth-enabled smart home products,” the researchers warned.
Also last week, researchers from Claroty revealed a vulnerability in the Belledonne Communications’ Linphone SIP Protocol Stack. Linphone is a 20-year-old open-source voice over IP (VoIP) project touting itself as the first open-source application to use SIP on Linux.
According to the researchers, “Enterprise IoT devices are often connected to both voice and video devices such as phones, surveillance cameras, connected doorbells, and other security systems.” “An attacker can get a foothold into a business network, and even the entire IoT/OT network, if certain SIP protocols are hacked. The vulnerability may be exploited remotely, so the victim doesn’t have to do anything.”
How to Keep Smart Devices Safe from Cyberattacks
“Some people believe they aren’t important enough to be hacked but we’ve observed how attacks against smart devices intensified during the past year,” Demeter said. “Most of these attacks are preventable.”
To keep your devices safe, Kaspersky recommended that users implement the following best practices:
- Install updates for firmware as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
- Always change preinstalled passwords. Use complicated passwords that include both capital and lower-case letters, numbers and symbols, if possible.
- Reboot a device as soon as it begins acting strangely. Note: This might help eliminate existing malware, but this doesn’t reduce the risk of getting another infection.
- Review and choose security solutions that help to protect IoT ecosystems.