Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks – up from 639 million during the previous half year, which is more than twice the volume.
Kaspersky Security Expert Dan Demeter says since IoT devices, from smartwatches to smart home accessories, have become an essential part of our everyday lives, cybercriminals have skillfully switched their attention to this area. We see that once users’ interest in smart devices rose, attacks also intensified.”
With millions still working from home, cybercriminals are targeting corporate resources via home networks and in-home smart devices too, according to Red Canary’s Grant Oviatt. They know organizations haven’t quite gotten used to the new perimeter – or lack thereof.
In real-world attacks, the end result of attacks on IoT gear is evolving, Kaspersky found: Infected devices being used to steal personal or corporate data as mentioned, and mine cryptocurrencies, on top of traditional DDoS attacks in which the devices are added to a botnet.
The Lemon Duck botnet targets victims’ computer resources to mine the Monero virtual currency, and it has self-propagating capabilities and a modular framework that allows it to infect additional systems to become part of the botnet too. It has at least 12 different initial-infection vectors – more than most malware, including targeting IoT devices with weak or default passwords. This includes brute-forcing attempts on enterprise telnet credentials (telnet being the protocol used to access and manage a device remotely).
In Kaspersky’s telemetry, the attempted malicious connections used telnet most often; the rest used SSH and basic web connections.
In addition to weak passwords offering a way to compromise IoT targets, more and more vulnerabilities are coming to light that make IoT gadgets more attractive to attackers, too. The firm noted that more and more exploits are being weaponized by cybercriminals than ever before.