Smart Home Automation


IoT under fire

1 October 2019 Smart Home Automation Information Security

Kaspersky honeypots – networks of virtual copies of various Internet-connected devices and applications – have detected 105 million attacks on IoT devices coming from 276 000 unique IP addresses in the first six months of the year. This figure is around nine times more than the number found in H1 2018, when only around 12 million attacks were spotted originating from 69 000 IP addresses. Capitalising on weak security of IoT products, cybercriminals are intensifying their attempts to create and monetise IoT botnets. This and other findings are a part of the ‘IoT: a malware story’ report on honeypot activity in H1 2019.

Cyberattacks on IoT devices are booming, as even though more people and organisations are purchasing ‘smart’ (network-connected and interactive) devices, such as routers or DVR security cameras, not everybody considers them worth protecting. Cybercriminals, however, are seeing more and more financial opportunities in exploiting such gadgets. They use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions. To learn more about how such attacks work and how to prevent them, Kaspersky experts set up honeypots – decoy devices used to attract the attention of cybercriminals and analyse their activities.

Based on data analysis collected from honeypots, attacks on IoT devices are usually not sophisticated, but stealth-like, as users might not even notice their devices are being exploited. The malware family behind 39% of attacks – Mirai – is capable of using exploits, meaning that these botnets can slip through old, unpatched vulnerabilities to the device and control it. Another technique is password brute-forcing, which is the chosen method of the second most widespread malware family in the list – Nyadrop. Nyadrop was seen in 38,57% of attacks and often serves as a Mirai downloader. This family has been trending as one of the most active threats for a couple of years now. The third most common botnet threatening smart devices – Gafgyt with 2,12% – also uses brute-forcing.

In addition, the researchers were able to locate the regions that became sources of infection most often in H1 2019. These are China, with 30% of all attacks taking place in this country, Brazil saw 19% and this is followed by Egypt (12%). A year ago, in H1 2018, the situation was different, with Brazil leading with 28%, China being second with 14% and Japan following with 11%.

“As people become surrounded by smart devices, we are witnessing how IoT attacks are intensifying. Judging by the enlarged number of attacks and criminals’ persistency, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. This is much easier than most people think: the most common combinations by far are usually ‘support/support’, followed by ‘admin/admin’ and ‘default/default’. It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices,” said Dan Demeter, security researcher at Kaspersky.

To keep your devices safe, Kaspersky recommends users:

• Install updates for the firmware you use as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.

• Always change preinstalled passwords. Use complicated passwords that include both capital and lower-case letters, numbers and symbols if possible.

• Reboot a device as soon as you think it’s acting strangely. It might help get rid of existing malware, but this doesn’t reduce the risk of getting another infection.

• Keep access to IoT devices restricted by a local VPN, allowing you to access them from your ‘home’ network, instead of publicly exposing them on the Internet.

Kaspersky recommends companies take the following measures:

• Use threat data feeds to block network connections originating from malicious network addresses detected by security researchers.

• Make sure all devices’ software is up to date. Unpatched devices should be kept in a separate network inaccessible by unauthorised users.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Onyyx wireless alarm
Technews Publishing Editor's Choice Smart Home Automation
IDS has introduced Onyyx, a wireless alarm system engineered to provide complete system control via the Onyyx app or keyring, as well as seamless installation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...
New tools for investigation and robust infrastructure security
News & Events Information Security
Cybereason continues to enhance its security platform, with recent updates introducing improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Read more...
Acronis’ True Image returns
Information Security Smart Home Automation
Acronis has announced its flagship product, Acronis Cyber Protect Home Office, is reverting to its original name, Acronis True Image, with the new version release.

Read more...
Same old cables, new intercom
Hikvision South Africa Products & Solutions Access Control & Identity Management Residential Estate (Industry) Smart Home Automation
Retrofitting old residential complexes with a modern two-wire HD video intercom system is more than an upgrade. For many homeowners and renters, these systems represent a leap into the future.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...