New Symantec research shows Malware is targeting IoT devices, but their owners may be completely unaware of it.
Up to 1MN IoT devices were used to generate the world’s largest DDoS attack on the Brian Krebs on Security website. Targeting IoT is now the selected botnet delivery vector for cyber criminals and hackers.
Symantec, a global leader in cyber security, has revealed new research demonstrating how cyber-criminal networks are targeting IoT that has lax device security to spread malware and create zombie networks, or botnets. Most of the time the device owners do not know this is happening.
A Symantec Security Response team has discovered that cyber criminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies.
Hackers success depends on cheap bandwidth and by stitching together consumer devices that are easy to infect because they lack sophisticated security. What is worse, us customers are paying for the attack via our data allowance.
Symantec found that more than half of all IoT attacks originate from China and the US, based on the IP addresses. High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.
Most targeting IoT with malware is on non-PC embedded devices such as Web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features.
As attackers are now highly aware of insufficient IoT security, many are targeting IoT with malware by commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and often victims may not even know they have been infected.
Additional findings from Symantec’s research:
- 2015 was a record one for IoT attacks. Attacks to date have shown that attackers tend to be less interested in the victim and the majority wish to hijack a device to add it to a botnet, most of which are used to perform DDoS attacks.
- IoT devices are a prime target since they are designed to be plugged in and forgotten after basic set-up.
- The most common passwords IoT malware used to attempt to log into devices was, unsurprisingly, the combination of “root” and “admin” indicating that default passwords are frequently never changed.
- Attacks originating from multiple IoT platforms simultaneously may be seen more often in the future, as the amount of the embedded devices connected to the Internet rises.