After deploying more than 50 honeypots worldwide, Kaspersky detected massive IoT attacks (105 million) on devices from 276,000 unique IP addresses, within only the first six months of 2019. The number of attacks in 2019 is nine times greater than the number found in the first half of 2018, which totaled 12 million attacks.
Kasperky’s IoT: A Malware Story report, released on Tuesday, used honeypot data to determine the number of cyberattacks conducted in the time frame, which type of attacks were used, and where these attacks took place. As organizations purchase more connected smart devices, attackers find more threat vectors to target, the report said.
What are honeypots?
A tool used by many security experts, honeypots are decoys used to mimic typical targets of attack and subsequently attract cyberattackers, as Jack Wallen reported.
Kaspersky incorporated three common types of honeypots: Low-interaction, high interaction, and medium interaction. The first simulates services such as Telnet, SSH, and web servers; the second mimics real devices, and the third is a mixture of the two.
To avoid being discovered quickly by cybercriminals, Kaspersky’s honeybots cycled through IP addresses often. Some honeypots kept the same address for long periods of time and ended up being flagged by cybercriminals who fell for the trick, the report said.
Kaspersky’s 50 honeypots, which were deployed for more than one year, resulted in 20,000 infected sessions every 15 minutes. Mirai, responsible for 39% of attacks, exploited unpatched vulnerabilities; while Nyadrop, which comprised another 39% of attacks, used password brute-forcing attacks, the report found.
Mirai is a malware family that hones in on weak IoT devices to use in a large-scale DDoS attacks. Mirai was popularized by its massive cyberattack that swept both the US and Europe in 2016, causing the largest internet blackout in US history.
“As people become increasingly surrounded by smart devices, we are witnessing the way IoT attacks are intensifying,” Dan Demeter, security researcher at Kaspersky, said in a press release. “Judging by the enlarged number of attacks and criminals’ persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. It’s quite easy to change the default password, so we urge everyone to take this simple step toward securing your smart devices.”
The most attacks came from China (30%), Brazil (19%), and Egypt (12%). Last year, however, Brazil was the source of most attacks with (28%), China came in second (14)%, and Japan third (11%).
The report identified the following four steps users should take to keep their devices safe: