IoT devices are more vulnerable than ever

Over 1.5 billion attacks against Internet of Things (IoT) devices were detected by security researchers in the first half of the year, according to new research from Kaspersky.

Based on an analysis of telemetry data from the company’s honeypots, cyber attacks against IoT devices have increased by over 100%. In the first half of 2021, the number of total infection attempts reached 1,515,714,259. During the final six months of 2020, there were only 639,155,942.

Most of the attacks used the telnet protocol to access IoT devices. Researchers recorded over 872 million — 58% of the total — using this protocol. The rest used SSH (34%) and web (8%) channels. Hackers can use these compromised devices in a botnet to mine for cryptocurrency, launch DDoS attacks, or steal confidential data.

Kaspersky Security Expert Dan Demeter says since IoT devices, from smartwatches to smart home accessories, have become essential parts of our everyday lives, cyber criminals have skillfully switched their attention to this area.

“We see that once users’ interest in smart devices rose, attacks also intensified,” he said. “Some people believe they aren’t important enough to be hacked but we’ve observed how attacks against smart devices intensified during the past year. Most of these attacks are preventable, that’s why we advise smart home users to install a reliable security solution, which will help them stay safe.”

Kaspersky recommended updating device firmware and changing any default passwords to something stronger or different. Any devices behaving oddly should also be rebooted to eliminate malware.

Sachin Shah, CTO of Operational Technology and ICS at Armis, told IT Pro that IoT exploitation is on the rise.

“Protecting such a colossal attack surface is no easy task, especially when there are so many varying types and security standards on the devices,” he said. “The prevailing concern from a security operations perspective regarding those billions of IoT devices, is that anything connected can be hacked. Each IoT device represents an attack surface that presents attackers with an avenue into your data.”

“And unlike laptops and smartphones, most IoT small factor devices hold less processing and storage capabilities. This makes it difficult to employ anti-virus, firewalls, and other security applications that could help protect them. At the same time, edge computing intelligently aggregates local data, making it a concentrated target for sophisticated threat actors. Ransomware can also target applications and data in addition to IoT device hardware,” he added.