Cybercriminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create zombie networks, or botnets, unknown to their device owners, says an IT security product company.
Symantec says that it’s found cybercriminals hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies. To succeed, they need cheap bandwidth and get it by stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security.
More than half of all IoT attacks originate from China and the United States, based on the location of IP addresses to launch malware attacks. High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.
Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features.
As attackers are now highly aware of insufficient IoT security, many pre-program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and often victims may not even know they have been infected.
Other findings from the IT firm’s research:
– 2015 was a record year for IoT attacks, with plenty of speculation about possible hijacking of home automation and home security devices. However, attacks to date have shown that attackers tend to be less interested in the victim and the majority wish to hijack a device to add it to a botnet, most of which are used to perform DDoS attacks.
– IoT devices are a prime target, since they are designed to be plugged in and forgotten after basic set-up.
– The most common passwords IoT malware used to attempt to log into devices was, unsurprisingly, the combination of ‘root’ and ‘admin’, indicating that default passwords are frequently never changed.
– And attacks originating from multiple IoT platforms simultaneously may be seen more often in the future, as the amount of the embedded devices connected to the Internet rises.
Comment
Stephen Gates, chief research intelligence analyst at NSFOCUS said that the primary reason why IoT devices are being hacked and most often added to existing botnets is primarily because there are accessible from the Internet directly. “Often, people who deploy an IoT device, for example a CCTV camera, thermostat, security system, baby monitor, personal electronic assistant, etc., are simple not deploying them behind firewalls. Instead, they are deploying them in a fashion whereby the devices are completely accessible from anywhere on the Internet. Also, many people are not changing default passwords on these devices. Vendors who develop these technologies try to make them as easy as possible to install to help reduce customer support calls; which can be very costly for the vendor. If people are having difficulty deploying an IoT device, what’s the natural response? Call support! Therefore, many of the IoT devices are plug-and-play and very easy to install. Easy to install doesn’t mean they’re actually secure.
Visit: http://www.symantec.com/connect/blogs/iot-devices-being-increasingly-used-ddos-attacks.
