Kaspersky’s research uncovered a thriving underground economy on the dark web focused on internet of things (IoT)-related services. Notably, distributed denial of service (DDoS) attacks orchestrated through IoT botnets are in high demand among hackers. In the first half (H1) of 2023, Kaspersky’s Digital Footprint Intelligence service analysts identified over 700 ads for DDoS attack services on various dark web forums.
In addition, the dark web marketplace offers exploits for zero-day vulnerabilities in IoT devices, as well as IoT malware bundled with infrastructure and supporting utilities.
In the realm of IoT malware, a variety of families exist, with many originating from the 2016 Mirai one. Fierce competition among cybercriminals has driven the development of features designed to thwart rival malware. These strategies include implementing firewall rules, disabling remote device management, and terminating processes linked to competing malware.
The primary method for infecting IoT devices continues to be through brute-forcing weak passwords, followed by exploiting vulnerabilities in network services. Brute-force attacks on devices are commonly directed at Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorised access by cracking passwords, allowing them to execute arbitrary commands and malware. Although secure socket shell (SSH), a more secure protocol, is also susceptible, it presents a greater resource challenge for attackers.
In the 2023 H1, Kaspersky’s honeypots recorded that 97.91 per cent of password brute-force attempts focused on Telnet, with only 2.09 per cent directed at SSH. These attacks were primarily associated with China, India, and the US, while China, Pakistan, and Russia were the most active attackers.
Furthermore, IoT devices face vulnerabilities due to exploits in the services they use. These attacks often involve execution of malicious commands by exploiting vulnerabilities in IoT web interfaces, resulting in significant consequences, such as the spread of malware like Mirai.
Commenting on the findings, Yaroslav Shmelev, security expert, Kaspersky, said, “Kaspersky urges vendors to prioritise cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities. In a nutshell, the IoT world is filled with cyber dangers, including DDoS attacks, ransomware, and security issues in both smart home and industrial devices. Kaspersky’s report stresses the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users.”
IoT devices are susceptible to various types of malware, each serving distinct purposes:
- DDoS botnets- these malicious programs take control of IoT devices to launch DDoS attacks on a wide range of services.
- Ransomware- targeting IoT devices, particularly those containing user data like network attached storage (NAS) boxes, ransomware encrypts files and demands ransoms for decryption.
- Miners- despite their limited processing power, some cybercriminals attempt to use IoT devices for cryptocurrency mining.
- DNS changers- certain malware alters domain name system (DNS) settings on Wi-Fi routers, redirecting users to malicious websites.
- Proxy bots- infected IoT devices are employed as proxy servers to reroute malicious traffic, making it difficult to trace and mitigate such attacks.
Further, to protect industrial and customer IoT devices, Kaspersky experts have recommended to conduct regular security audits of operational technology (OT) systems to identify and eliminate possible vulnerabilities, as well as use internet connection sharing (ICS) network traffic monitoring, analysis, and detection solutions for better protection from attacks potentially threatening technological process and main enterprise assets.
In addition, Kaspersky Industrial Cybersecurity solution includes dedicated protection for endpoints and network monitoring to reveal any suspicious and potentially malicious activity in industrial network. When implementing IoT, assess the status of a device’s security before its implementation, and preferences should be given to devices that have cybersecurity certificates and products from those manufacturers that pay more attention to information security.
For the smart home devices, it recommended to change the default password to a strict and complex one and updating it regularly. A reliable password manager, such as Kaspersky Password Manager, can help to generate a secure one. Furthermore, it recommended to check the latest information on discovered IoT vulnerabilities regularly.