30% of all attacks originated in China, 19% in Brazil, and 12% in Egypt.
In the first half of 2019, Kaspersky Lab experts using honeypots (decoy resources that act as bait for attackers) recorded 105 million attacks on IoT devices originating from 276 thousand unique IP addresses. This figure is seven times higher than in the first half of 2018, when about 12 million attacks from 69 thousand IP addresses were detected. Taking advantage of the weak protection of IoT products, cybercriminals are putting more effort into creating and monetizing IoT botnets.
The number of cyberattacks on IoT devices is growing rapidly, as private users and organizations alike are acquiring smart devices, such as routers or DVR cameras, but not everyone takes care to protect them. Cybercriminals, in turn, see more and more financial opportunities in such devices. They use networks of infected smart devices to conduct DDoS attacks or as proxy servers for other types of malicious activity.
According to the collected data, attacks on IoT devices are not difficult, but they are stealthy enough that users do not notice them. The Mirai malware family was used in 39% of all attacks; it relies on exploits that let botnets compromise devices through old vulnerabilities and take control of them. In second place was the NyaDrop malware family (38.57%), which uses the brute-force technique. NyaDrop also often served as a Mirai downloader. The third most common botnet was Gafgyt (2.12% of all attacks).
Researchers also identified the countries that were most often sources of infection in the first half of 2019. 30% of all attacks originated in China and 19% in Brazil, followed by Egypt with 12%. In the first half of 2018 the situation was different: Brazil was in the lead with 28%, China was in second place (14%), and Japan was third (11%).
IoT is a fruitful area for attackers, who use even the most primitive methods, such as guessing login and password combinations to authenticate to a device. Users very often use common combinations, such as “support / support”, followed by “admin / admin” and “default / default”.
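The following is an added example, not part of the original article or of Kaspersky's tooling: a defender-side tally of honeypot login attempts that reports the same kinds of figures cited above (attack count, unique source IPs, most-tried credential pairs) and flags sources that cycle through several pairs. The log format, field names and sample lines are assumptions constructed for the illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample honeypot log lines (the format is an assumption).
SAMPLE_LOG = """\
2019-06-01T10:00:01Z telnet src=198.51.100.7 user=support pass=support
2019-06-01T10:00:02Z telnet src=198.51.100.7 user=admin pass=admin
2019-06-01T10:00:03Z telnet src=198.51.100.7 user=default pass=default
2019-06-01T10:05:10Z telnet src=203.0.113.20 user=admin pass=admin
2019-06-01T10:07:44Z telnet src=192.0.2.55 user=operator pass=s3cure-Unique!
malformed line without fields
"""

# The default pairs named in the article.
DEFAULT_PAIRS = {("support", "support"), ("admin", "admin"), ("default", "default")}
LINE_RE = re.compile(r"^(\S+) (\S+) src=(\S+) user=(\S*) pass=(.*)$")

def summarize(log_text, guess_threshold=3):
    """Tally login attempts, unique sources, credential pairs and guessing sources."""
    attempts = 0
    skipped = 0
    pairs = Counter()
    per_source = defaultdict(set)   # source IP -> distinct pairs it tried
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1            # count unparseable lines instead of failing
            continue
        _, _, src, user, pw = m.groups()
        attempts += 1
        pairs[(user, pw)] += 1
        per_source[src].add((user, pw))
    # A source trying several distinct pairs is guessing, not mistyping.
    guessers = sorted(ip for ip, tried in per_source.items()
                      if len(tried) >= guess_threshold)
    default_hits = sum(n for p, n in pairs.items() if p in DEFAULT_PAIRS)
    return {
        "attempts": attempts,
        "unique_sources": len(per_source),
        "top_pairs": pairs.most_common(3),
        "default_pair_attempts": default_hits,
        "guessing_sources": guessers,
        "skipped_lines": skipped,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A device whose real credentials appear among the top pairs in such a tally should have them changed before it is exposed to the network.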