IoT devices are now cybercriminals’ top attack target, surpassing web and application services, and email servers, according to new research from F5 Labs.
With Gartner estimating that the number IoT devices are set to surge to 20,4 billion by 2020 – represents a staggering 143% growth rate over three years – this discovery is likely to concern many consumers and manufacturers alike.
“IoT devices already outnumber people and are multiplying at a rate that far outpaces global population growth. Increasingly, lax security control could endanger lives as, for example, cellular-connected IoT devices providing gateways to critical infrastructures are compromised,” said David Warburton, Senior EMEA Threat Research Evangelist, F5 Networks.
The fifth volume of The Hunt for IoT report notes that thirteen Thingbots – which can be co-opted by hackers to become part of a botnet of networked things – were discovered in the first half of 2018. Six were discovered in 2017 and nine in 2016.
Spain was the top country under attack during the past 18 months, including enduring a remarkable 80% of all monitored IoT attack traffic between 1 January and 30 June 2018. Other countries under consistent pressure included Russia, Hungary, the US and Singapore.
Most of the attacks between 1 January and 30 June originated in Brazil (18% of instances). China was the second biggest culprit (15%), followed by Japan (9%), Poland (7%), the US (7%) and Iran (6%).
The most infected IoT devices, as determined by their participation in bots, were Small Office/Home Office (SOHO) routers, IP cameras, DVRs, and CCTVs.
Distributed Denial of Service (DDoS) remains the most utilised attack method. However, attackers in 2018 began adapting Thingbots under their control to encompass additional tactics including installing proxy servers to launch attacks from, crypto-jacking, installing Tor nodes and packet sniffers, DNS hijacks, credential collection, credential stuffing, and fraud trojans.
The most common method attackers used to discover and eventually infect IoT devices was through global internet scans looking for open remote administration services. Telnet and Secure Shell (SSH) protocols were the most popular, followed by Home Network Administration Protocols (HNAP), Universal Plug and Play protocols (UPnP), Simple Object Access Protocols (SOAP), and various other Transmission Control Protocol (TCP) ports used by IoT devices.
Common vulnerabilities and exposures specific to IoT device manufacturers were also prominent routes to exploitation.
Worryingly, the report posits that there is a significant and growing concern that IoT infrastructures – the servers and databases to which IoT devices connect – are “just as vulnerable to authentication attacks via weak credentials as the IoT devices themselves.”
As a case in point, F5 Labs’ latest research discovered that cellular IoT gateways are just as vulnerable as traditional wired and WiFi-based IoT devices. As many as 62% of tested devices were vulnerable to remote access attacks exploiting weak vendor default credentials. These devices act as out-of-band networks, creating network back doors, and are widely dispersed across the globe.
“We are stuck with over 8 billion IoT devices around the world that, for the most part, prioritise access convenience over security,” said Warburton.
“Organisations need to brace themselves for impact, because IoT attack opportunities are virtually endless and the process of building Thingbots is more widespread than ever.
“Unfortunately, it is going to take material loss of revenue for IoT device manufacturers, or significant costs incurred by organisations implementing these devices, before any meaningful security advances are achieved,” he warned.
“Therefore, it is essential to have security controls in place that can detect bots and scale to the rate at which Thingbots attack. As ever, having bot defense at your application perimeter is crucial, as is a scalable DDoS solution.”
The PCR Awards 2019 take place on 6th March at The Brewery, London. Buy your tickets here.