New study finds massive increase in cyberattacks on IoT devices
By Max Burkhalter, October 22, 2019
As internet of things devices make their way into commercial environments across the globe, cybersecurity experts are having to pay closer attention to how these sensitive endpoints are insulated from external threats. While cybercrime is nothing new for organizations in almost every industry, emergent malware, ransomware and botnet variants have created a profound sense of urgency around securing the IoT.
To better understand the scale of modern IoT-based cybersecurity threats, Kaspersky Lab deployed over 50 "honeypots" in hopes of gathering data on the frequency, severity and attack methods used by modern cybercriminals. The project was initially launched back in 2018 and has already yielded some shocking results - according to a press release on Kaspersky's website, the honeypots encountered more than 105 million attacks on IoT devices in the first half of 2019 alone. This represents a nine-fold increase from the number of attacks identified in the first half of 2018, suggesting cybercriminals are ramping up their hacking efforts. But before organizations can shore up their virtual defenses, it may be useful to dive a bit deeper into the details.
Assessing cybersecurity threats in the era of IoT
First, it's important to recap the purpose and functionality of the "honeypots" used by Kaspersky Lab during its year-long study. According to the popular antivirus software developer Norton, a honeypot is a "computer or computer system intended to mimic likely targets of cyberattacks." By setting up a dummy system, cybersecurity researchers are able to entice would-be hackers into attacking isolated networks. This prevention strategy allows IT professionals to detect attacks at the network's perimeter, draw hackers away from high-priority data stores and gather invaluable information on new malware strains.
What makes this cybersecurity practice so valuable for IoT environments is that most embedded devices cannot be protected with security software, making them much more vulnerable than a typical computer terminal. Since every IoT device acts as a potential access point for cybercriminals, it's crucial to understand which types of cyberattacks are most common and how they are carried out. Generally speaking, as companies integrate more internet-connected devices, they are unknowingly expanding their attack surface and making it easier for hackers to establish a foothold.
Overall, Kaspersky's honeypots detected over 105 million attacks on IoT devices originating from 276,000 unique IP addresses. In many cases, the attackers cycled through an exhaustive list of default username and password combinations in an attempt to gain access. This behavior is, in part, a result of the poor administrative practices of large enterprises - nearly all IoT devices are equipped with login credentials supplied by the manufacturer, which should be updated before they are deployed. Considering most default usernames and passwords are searchable on the open web, it's crucial for IT administrators to set up their own credentials prior to adding IoT devices to an existing network.
In terms of specific systems, Kaspersky researchers found that Telnet, SSH and web servers are the most common services targeted by cybercriminals. One reason is that embedded IoT devices often contain a wider range of CPU architectures, which can make it difficult to deliver the right malware payloads for the device in question. However, once an attacker has access to an IoT device, they are able to target other devices in the network that may be more receptive to their particular malware strain.
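As an added illustration (not code from Kaspersky or from this article), the sketch below shows how a defender could flag the default-credential cycling described above in Telnet and SSH honeypot logs. The log format, the short default-pair list and the threshold are constructed assumptions; the addresses come from documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample: factory-default pairs a defender would watch for.
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"),
                 ("admin", "1234"), ("user", "user")}

# Constructed honeypot log lines in a hypothetical format.
SAMPLE_LOG = """\
2019-06-01T10:00:01Z telnet 203.0.113.7 user=admin pass=admin
2019-06-01T10:00:02Z telnet 203.0.113.7 user=root pass=root
2019-06-01T10:00:03Z telnet 203.0.113.7 user=admin pass=1234
2019-06-01T10:00:04Z ssh 203.0.113.7 user=user pass=user
2019-06-01T10:05:00Z ssh 198.51.100.20 user=alice pass=Tr1cky-Passphrase
2019-06-01T10:05:09Z ssh 198.51.100.20 user=alice pass=Tr1cky-Passphrase
2019-06-01T10:07:00Z telnet 192.0.2.44 user=admin pass=admin
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(\S+) (telnet|ssh) (\d{1,3}(?:\.\d{1,3}){3}) user=(\S*) pass=(\S*)$")

def parse(log_text):
    """Yield one dict per well-formed login attempt; skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, service, ip, user, pw = m.groups()
            yield {"ts": ts, "service": service, "ip": ip,
                   "user": user, "password": pw}

def find_credential_cycling(log_text, min_distinct_defaults=3):
    """Flag source IPs that tried several *different* default pairs."""
    pairs_by_ip = defaultdict(set)
    services_by_ip = defaultdict(set)
    for ev in parse(log_text):
        pairs_by_ip[ev["ip"]].add((ev["user"], ev["password"]))
        services_by_ip[ev["ip"]].add(ev["service"])
    findings = {}
    for ip, pairs in pairs_by_ip.items():
        defaults = pairs & DEFAULT_PAIRS
        if len(defaults) >= min_distinct_defaults:
            findings[ip] = {"default_pairs_tried": len(defaults),
                            "distinct_pairs": len(pairs),
                            "services": sorted(services_by_ip[ip])}
    return findings

if __name__ == "__main__":
    for ip, info in find_credential_cycling(SAMPLE_LOG).items():
        print(ip, info)
```

Counting distinct default pairs rather than raw failures keeps a user who retypes one wrong password from being flagged alongside a source that is walking a default-credential list.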
In 2018, the most common type of malware used in cyberattacks was a derivative of the infamous Mirai strain, which many security experts have dealt with before. However, Kaspersky's recent study found that other well-known malware families are starting to make a comeback, with NyaDrop and Gafgyt being used to infect newer devices and network architectures. Considering the fast pace of malware development, what can organizations do to insulate their business-critical systems and IoT devices from exploitation?
Protecting IoT devices from emerging threats
The first step to improving an organization's IoT security posture is to conduct a thorough vulnerability assessment that looks into all aspects of its digital architecture, from software patches and OS versions to managed switches and console servers. This allows IT administrators to home in on the weakest links in their cybersecurity framework, though these types of assessments should be conducted on an annual basis. Keep in mind, new malware variants are created on what feels like a daily basis, so it's important to stay proactive and vigilant even if no recent cyberattacks have been detected. More specifically, Kaspersky's report recommended four steps users can take to keep their IoT devices safe, including:
- Updating firmware regularly and developing a robust patch management strategy to prevent future infections.
- Changing default passwords before deployment and upholding best practices in user credentialing.
- Rebooting IoT devices as soon as performance issues are identified and investigating the root cause before redeploying.
- Restricting access to IoT devices using a local VPN and ensuring users cannot make changes without the proper credentials.
Keeping IoT devices safe from cybercriminals can be difficult without the right connectivity tools and reliable networking equipment in place. That's why Perle offers industrial-grade hardware such as Ethernet media converters and hardened switches. Read some of our customer stories to find out how we've helped our clients across industry lines take full advantage of their IoT equipment.