A security vendor has detected over 100 million attacks on IoT endpoints in the first half of 2019 alone, highlighting the continued threat to unsecured connected devices.
Russian AV vendor Kaspersky said its honeypots had spotted 105 million attacks coming from 276,000 unique IP addresses in the first six months of the year. The number of attacks is nearly nine times more than the figure for 1H 2018 when only 12 million were detected, originating from 69,000 IP addresses, the firm added.
The figures can be seen in the context of a smart home boom, with consumers buying in increasing numbers connected devices which often have poor in-built security and/or are not properly secured by their owners.
Mirai-like attacks which take advantage of weak factory-default log-ins for such devices are increasingly common, conscripting IoT endpoints into botnets which can then be used to launch DDoS and other attacks, Kaspersky explained. Some attacks also exploit old unpatched vulnerabilities to hijack devices, it added.
The most common malware types are Mirai (39%) and Nyadrop (38.6%), which itself often serves as a Mirai downloader. Some way behind them is Gafgyt (2%), which uses brute-forcing techniques to gain persistence.
“Judging by the enlarged number of attacks and criminals’ persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations,” said Kaspersky security researcher, Dan Demeter.
“This is much easier than most people think: the most common combinations by far are usually ‘support/support,’ followed by ‘admin/admin,’ ‘default/default.’ It’s quite easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices.”
Devices in China were most affected by attacks, accounting for 30% of infections in the first half of the year, followed by Brazil (19%) and Egypt (12%).