The first six months of 2021 have seen a more than 100-percent growth in cyberattacks against internet-of-things (IoT) devices, researchers have found.
According to a Kaspersky analysis of telemetry from its honeypots, shared with Threatpost, the firm detected more than 1.5 billion IoT attacks – more than twice the 639 million detected during the previous half year.
“Since IoT devices, from smartwatches to smart home accessories, have become an essential part of our everyday lives, cybercriminals have skillfully switched their attention to this area,” said Dan Demeter, security expert at Kaspersky. “We see that once users’ interest in smart devices rose, attacks also intensified.”
It should be noted that it’s not just a concern on the personal front, either. With millions still working from home, cybercriminals are targeting corporate resources via home networks and in-home smart devices too, according to Red Canary’s Grant Oviatt. They know organizations haven’t quite gotten used to the new perimeter — or lack thereof.
“Throughout the past 12 months, the lack of [incident] preparedness has become increasingly evident, especially with the influx of personal devices logging onto corporate networks, the resulting reduced endpoint visibility, expanded attack surface and surge in attack vectors,” he said in a recent Infosec Insider column for Threatpost.
In real-world attacks, the end result of compromising IoT gear is evolving, Kaspersky found: Infected devices are being used to steal personal or corporate data, as mentioned, and to mine cryptocurrencies, on top of traditional DDoS attacks in which the devices are added to a botnet.
For instance, the Lemon Duck botnet targets victims’ computer resources to mine the Monero virtual currency; it has self-propagating capabilities and a modular framework that allow it to infect additional systems, which then become part of the botnet too. It has at least 12 different initial-infection vectors – more than most malware – including targeting IoT devices with weak or default passwords. This includes brute-forcing attempts on enterprise telnet credentials (telnet being a protocol used to access and manage a device remotely).
Indeed, in Kaspersky’s telemetry, the attempted malicious connections used telnet most often; the rest used SSH and basic web connections.
In addition to weak passwords offering a way to compromise IoT targets, more and more vulnerabilities are coming to light that make IoT gadgets attractive to attackers. The firm noted that more exploits are being weaponized by cybercriminals than ever before.
Just last week for instance, a collection of vulnerabilities dubbed BrakTooth was disclosed, affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors. One of the bugs allows code-execution on smart devices, researchers from the University of Singapore found – making them available to botnets and data thieves armed with spyware.
“This has serious implications if such an attack is applied to Bluetooth-enabled smart home products,” the researchers warned.
Also last week, researchers from Claroty revealed a vulnerability in the Belledonne Communications’ Linphone SIP Protocol Stack. Linphone is a 20-year-old open-source voice over IP (VoIP) project touting itself as the first open-source application to use SIP on Linux.
“Enterprise IoT devices today are commonly connected to both voice and video devices like phones, surveillance cameras, connected doorbells and other security systems,” explained the researchers. “When these SIP protocols become compromised, an attacker can gain a foothold into a corporate network, and possibly the entire IoT/OT network. The vulnerability is remotely exploitable, requiring no action from the victim.”
How to Keep Smart Devices Safe from Cyberattacks
“Some people believe they aren’t important enough to be hacked but we’ve observed how attacks against smart devices intensified during the past year,” Demeter said. “Most of these attacks are preventable.”
To keep your devices safe, Kaspersky recommended that users implement the following best practices:
- Install updates for firmware as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
- Always change preinstalled passwords. Use complicated passwords that include both capital and lower-case letters, numbers and symbols, if possible.
- Reboot a device as soon as it begins acting strangely. Note: This might help eliminate existing malware, but this doesn’t reduce the risk of getting another infection.
- Review and choose security solutions that help to protect IoT ecosystems.