More brute force attacks on IoT devices

Specialists from F5 Labs warn in their latest Threat Intelligence report that organizations can no longer ignore the inevitable rise of thingbots: botnets built from IoT devices, which are quickly becoming the preferred target of cybercriminals.

Compared to the previous year, the number of brute force attacks on the telnet protocol against IoT devices increased by 249%. The vast majority of them originated in China: as much as 44% of malicious traffic came from China and from IP addresses located in Chinese networks. The United States and Russia follow as the countries with the highest "hacker" activity. Poland also found itself in the top 10 countries from which threats originate, with a 2% share of global attacks in December 2017. Significantly, over the last two years many attacks came from the same IP addresses and networks. This means that the malicious traffic is either not detected by the appropriate services or is ignored.

In the second half of 2017, F5 Labs recorded a decrease in the number of attacks compared to the first half of the year. However, when comparing data in the long term, the level of cybercrime was higher than during the largest activity of the Mirai botnet, which in September 2016 infected hundreds of thousands of IoT devices, including CCTV systems, routers and DVR recorders.

After analyzing network traffic from July to December 2017, F5 Labs stated that hackers are working on building numerous, very large thingbots. It is also worth remembering that the potential of Mirai has never been fully exploited in attacks. The botnet's code has been made available, however, and as a consequence it forms the core of several new thingbots that are still active.

The cyber security community often talks about IoT as the Internet of Threats. There are reasons for this. Forecasts point to the unrestrained growth of the destructive arsenal of the Internet of Things. According to Gartner's analysis, 8.4 billion IoT devices are currently in use, and this number is expected to increase to 20.4 billion by 2020. In turn, IHS estimates that by 2020 there will be 30 billion of these devices, while the manufacturer of semiconductors SoftBank says up to a trillion by 2035.

We have not yet reached the stage of mass adoption of IoT devices on a consumer scale. If we no longer change our standards for the development of this technology, we will launch a huge number of vulnerable IoT devices on the market. It is a simple recipe for chaos in both the virtual and the real world.

- comments Ireneusz Wiśniewski, Managing Director at F5 Networks.

At present, cyber-attack threats are not only related to data loss, identity theft or costly unavailability of systems. Their effects are also visible in the real world, especially in the context of using the Internet of Things by hackers. We rely on these connected devices in such key areas as, inter alia, traffic management or airport systems, warning and management in emergency or crisis situations. If we do not take these risks seriously, the consequences of cyber attacks can also affect our lives and health.

Telnet: an easy target?

While telnet is still a popular way to launch attacks on IoT devices, F5 Labs has found that cybercriminals are increasingly changing their tactics.

For example, F5 Labs suggests that at least 46 million home routers are vulnerable to remote command-line attacks against the TR-069 and TR-064 protocols. These protocols, designed to allow ISPs to manage their clients' routers remotely, were used by the Annie thingbot. The attacks caused mass loss of network access for clients of several leading telecommunications providers. Annie is one of the five identified thingbots created on the basis of the Mirai code (the others are Persirai, Satori, Masuta and Pure Masuta). Of these, only Persirai and Satori use telnet to access the attacked devices.

It is very likely that hackers carry out attacks using thingbots that we will never know about. Cybercriminals count on it. For example, mining cryptocurrencies provides a field to conduct an attack that is difficult to detect if it does not have any obvious consequences for the user, such as slow operation of the device.

- explains Ireneusz Wiśniewski.

Companies that want to avoid the risks associated with thingbots should add further protection for key services and counter attacks aimed at identity theft through additional control of login data and a multi-level authentication process. They should also remember to decrypt network traffic in order to catch malicious traffic that may be encrypted. In addition, it must be ensured that all devices connected to the network pass through a system that detects threats to information security. At the same time, it is crucial to conduct regular security audits of IoT devices, to test these devices before putting them into use and to introduce educational programs for employees.
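The report's observation that attacks keep arriving from the same IP addresses and networks can be checked against an organization's own connection logs. The following is an added example, not code from F5 Labs or from this article: it groups failed telnet logins by source network and reports the networks that stay noisy across more than one observation period. The record layout, thresholds and addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (period, source IP, destination port, login result).
# Addresses are RFC 5737 documentation ranges; none of them come from the report.
SAMPLE_EVENTS = (
    [("2017-07", "192.0.2.10", 23, "fail")] * 3      # one host in July ...
    + [("2017-12", "192.0.2.77", 23, "fail")] * 3    # ... its neighbour in December
    + [("2017-08", "198.51.100.5", 23, "fail")] * 4  # noisy, but in one period only
    + [("2017-12", "198.51.100.5", 22, "fail")] * 3  # not telnet, ignored here
    + [("2017-07", "203.0.113.9", 23, "fail"),
       ("2017-12", "203.0.113.9", 23, "fail"),       # recurring but below threshold
       ("2017-12", "203.0.113.9", 23, "ok")]
)


def source_network(ip, prefix=24):
    """Map a source address to its enclosing network (a /24 by default)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def recurring_telnet_sources(events, min_failures=3, min_periods=2, prefix=24):
    """Return {network: {period: failures}} for source networks that produced
    at least min_failures failed telnet logins in at least min_periods periods."""
    counts = defaultdict(lambda: defaultdict(int))
    for period, ip, port, result in events:
        if port == 23 and result == "fail":
            counts[source_network(ip, prefix)][period] += 1

    recurring = {}
    for net, per_period in counts.items():
        noisy = {p: n for p, n in per_period.items() if n >= min_failures}
        if len(noisy) >= min_periods:
            recurring[str(net)] = dict(sorted(noisy.items()))
    return recurring


if __name__ == "__main__":
    for net, periods in recurring_telnet_sources(SAMPLE_EVENTS).items():
        print(net, periods)
```

Grouping by network rather than by single address matters here: with prefix=32 the two hosts in 192.0.2.0/24 look like unrelated one-off sources and nothing is reported.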



We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.