Over 100 Million IoT Attacks detected in 1H 2019


Over 100 Million IoT Attacks detected in 1H 2019 (Oct 16, 2019)

Kaspersky researchers have said their honeypots have detected a total of more than 105 million attacks that originated with 276,000 unique IP addresses. Compared to the 1st half of 2018 with 12 million attacks and 69,000 IP addresses detected, this is a massive difference. This surge could be the result of large number of users transitioning to smart devices and with many not having strong in-build security. There has been a consistent use of Mirai-like attacks where devices with weak default logins are taking advantage of and converted into remotely controlled bots that become part of a botnet to launch Denial-of-Service (DDoS) and other attacks. China has been the largest target making up 30%, with Brazil second at 19%.

Recommendation: If the device is IoT (Internet of Things) which is becoming more likely in today's world , it is recommended that it is placed behind a firewall or network address translation and placed within a Virtual Local Area Network (VLAN). Change the default password of IoT devices such as routers and printers to something that is difficult for threat actors to guess as this is generally the first area actors targe. Anything that faces the internet can be vulnerable to threat actors, and as this story illustrates, malware can evolve extremely quickly so it is crucial to stay up-to-date with security patches and updates.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.