Sloppy IoT security leads to more DDOS attacks: Report
Cyber security firm Symantec on Monday unveiled a new research indicating how cybercriminal networks are taking advantage of negligent Internet of Things (IoT) device security to spread malware.
The security firm’s ‘Security Response’ team has discovered that cybercriminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies.
To succeed, they need cheap bandwidth and get it by stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security.
The research also pointed out that more than half of all IoT attacks originate from China and the US, based on the location of IP addresses to launch malware attacks.
High numbers of attacks are also originating from Germany, Netherlands, Russia, Ukraine, and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.
Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems.
Many are Internet-accessible but they may not include any advanced security features, due to their operating system and processing power limitations.
Most online attackers are now highly aware of insufficient IoT security and many pre-program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices.
Poor security on many IoT devices makes them easy targets, and often victims may not even know they have been infected.
The security firm found out that 2015 was a record year for IoT attacks, with insights highlighting the increased likeliness of attacks on home automation and home security devices. Since IoT devices do not involve any changes after initial setup, it becomes a easy target for hackers.
As the amount of embedded devices connected to the Internet rise, attacks originating from multiple IoT platforms have also been expected to rise rapidly in future.