Security researchers from F-Secure have issued a stark warning that cyberattacks on IoT devices are accelerating at an unusual rate. The company’s “Attack Landscape H1 2019” report recorded a three-fold increase in attack traffic, to more than 2.9 billion events. The company runs honeypots (decoy servers around the world, disguised as everyday operational hardware to attract attacks), and this is the first time that hits on those honeypots “have ever reached the billion mark.”
The researchers put this rise in attacks down to the growth in the number of IoT devices being deployed around the world. Recently, there have been recurring warnings about how vulnerable such devices are to attack. This is partly due to a fundamental absence of defences in ageing firmware or architectures, and partly down to a lack of infosec housekeeping. Often IT teams are not even aware of all these devices on their networks, which makes the task of patching security problems nearly impossible. “From millions to billions,” F-Secure says in its introduction, succinctly summarizing the problem.
We have also seen improved awareness of some of the risks that such devices bring into homes and workplaces. Again, it is seldom an attack on the device itself, although bear in mind that these devices include healing and administration mechanisms that hold important data in themselves. The greater hazard is the use of these endpoints as easy access points into wider networks. Compromising an unpatched printer or VoIP phone to reach an apparently secure system is both clever and serious, and such attacks are now consistently in the playbook of mature nation-state threat actors around the world.
The Telnet protocol drew “the largest share of attack traffic—760 million events,” up almost 30 percent since the last report. Another IoT protocol, UPnP, was not far behind, with 611 million cases. Given this IoT focus, it was no surprise, the researchers emphasized, “that malware located in the honeypots was controlled by various versions of Mirai, which affects IoT devices that utilize default credentials and co-opts those machines into botnets that conduct DDoS attacks.”
The largest sources of attack traffic were China and Russia, unsurprisingly, as well as the U.S. and Germany. The U.S. also topped the target list, followed by several European nation-states.
F-Secure acknowledged that improvements to its honeypots and their deployments would have accounted for some of the increase, “but there’s also no ambiguity that attack traffic is also solely on the increase.” The researchers cited IoT growth as well as the continuing “predominance of Eternal Blue” as the reasons for this.
Unsurprisingly, the team also found that “99.9 percent of traffic to our honeypots is automated,” meaning bots, scripts and malware designed to attack at scale. “Attacks may come from any associated computing device—a traditional machine, malware-infected smartwatch or IoT toothbrush can be a beginning.”
What has been notable about the exploitation of widespread IoT endpoint vulnerability is its adoption by tier-1 threat actors. That won’t show up in any headline attack numbers, but by intent and impact, those attacks will top the agenda.
The mitigation advice is as obvious as it is difficult: “know what tools and servers you have and why they’re required. Retire old assets that aren’t important.” The difficulty is that IoT devices by their nature can be “fire and forget,” not subject to the same security inventory and asset tracking rules and regulations inside organizations as other, more obviously unprotected, assets.
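One way to act on that inventory advice, as an added example that is not from F-Secure's report: reconcile scan results from your own network against the asset inventory and flag devices nobody owns, plus any host exposing the services named above. The inventory, the scan lines (nmap grepable `-oG` style) and all function names are constructed for illustration.

```python
import re

# Services the article singles out: Telnet, UPnP (SSDP) and SMB, the
# EternalBlue vector. Standard port numbers for each.
RISKY = {("23", "tcp"): "telnet", ("1900", "udp"): "upnp", ("445", "tcp"): "smb"}

# Constructed asset inventory: IP -> (owner, purpose). Not real data.
INVENTORY = {
    "10.0.0.5": ("facilities", "printer"),
    "10.0.0.9": ("it", "file server"),
}

# Constructed scan results in nmap grepable (-oG) style.
SCAN = """\
Host: 10.0.0.5 (printer1)\tPorts: 23/open/tcp//telnet///, 9100/open/tcp//jetdirect///
Host: 10.0.0.9 (fs1)\tPorts: 445/open/tcp//microsoft-ds///, 22/open/tcp//ssh///
Host: 10.0.0.77 ()\tPorts: 23/open/tcp//telnet///, 1900/open/udp//upnp///
Host: 10.0.0.80 ()\tPorts: 23/closed/tcp//telnet///, 443/open/tcp//https///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def parse_scan(text):
    """Return {ip: {(port, proto), ...}} keeping only ports in state 'open'."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, ports = m.groups()
        open_ports = set()
        for entry in ports.split("\t")[0].split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                open_ports.add((fields[0], fields[2]))
        hosts[ip] = open_ports
    return hosts

def audit(inventory, scan_text):
    """List (ip, 'managed'|'unmanaged', risky services) for hosts needing action."""
    findings = []
    for ip, open_ports in sorted(parse_scan(scan_text).items()):
        risky = sorted(RISKY[p] for p in open_ports if p in RISKY)
        if ip not in inventory:
            findings.append((ip, "unmanaged", risky))  # nobody owns this device
        elif risky:
            findings.append((ip, "managed", risky))    # owned, but exposed
    return findings

if __name__ == "__main__":
    print(audit(INVENTORY, SCAN))
```

Unmanaged hosts are reported even when no risky service is open, because a device missing from the inventory is one nobody is patching.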