Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Multi-Purpose Attack Thingbots Threaten Internet Stability And Human Life.

by The Gurus
January 9, 2019
in Featured, The Internet of Things
Multi-Purpose Attack Thingbots Threaten Internet Stability And Human Life.
Share on FacebookShare on Twitter

New research from F5 Labs has revealed that IoT devices are now cybercriminals’ top attack target, surpassing web and application services, and email servers.

Gartner currently estimates that the number IoT devices will surge to 20,4 billion by 20201, which represents a staggering 143% growth rate over three years.

“IoT devices already outnumber people and are multiplying at a rate that far outpaces global population growth. Increasingly, lax security control could endanger lives as, for example, cellular-connected IoT devices providing gateways to critical infrastructures are compromised,” said David Warburton, Senior EMEA Threat Research Evangelist, F5 Networks.

The fifth volume of The Hunt for IoT2 report notes that thirteen Thingbots3 – which can be co-opted by hackers to become part of a botnet of networked things – were discovered in the first half of 2018. Six were discovered in 2017 and nine in 2016.

Attack Trends

Spain was the top country under attack during the past 18 months, including enduring a remarkable 80% of all monitored IoT attack traffic between 1 January and 30 June 2018. Other countries under consistent pressure included Russia, Hungary, the US and Singapore.

Most of the attacks between 1 January and 30 June originated in Brazil (18% of instances). China was the second biggest culprit (15%), followed by Japan (9%), Poland (7%), the US (7%) and Iran (6%).

The most infected IoT devices, as determined by their participation in bots, were Small Office/Home Office (SOHO) routers, IP cameras, DVRs, and CCTVs.

Distributed Denial of Service (DDoS) remains the most utilised attack method. However, attackers in 2018 began adapting Thingbots under their control to encompass additional tactics including installing proxy servers to launch attacks from, crypto-jacking, installing Tor nodes and packet sniffers, DNS hijacks, credential collection, credential stuffing, and fraud trojans.

The most common method attackers used to discover and eventually infect IoT devices was through global internet scans looking for open remote administration services. Telnet and Secure Shell (SSH) protocols were the most popular, followed by Home Network Administration Protocols (HNAP), Universal Plug and Play protocols (UPnP), Simple Object Access Protocols (SOAP), and various other Transmission Control Protocol (TCP) ports used by IoT devices. Common vulnerabilities and exposures specific to IoT device manufacturers were also prominent routes to exploitation.

Worryingly, the report posits that there is a significant and growing concern that IoT infrastructures – the servers and databases to which IoT devices connect – are “just as vulnerable to authentication attacks via weak credentials as the IoT devices themselves.”

As a case in point, F5 Labs’ latest research discovered that cellular IoT gateways are just as vulnerable as traditional wired and WiFi-based IoT devices. As many as 62% of tested devices were vulnerable to remote access attacks exploiting weak vendor default credentials. These devices act as out-of-band networks, creating network back doors, and are widely dispersed across the globe.

Telltale Telnets And Attacks From New IP Addresses

Notably there was a large spike in attack traffic in March 2018 that drove a 94% decline in total Telnet attack volume from Q1 to Q2 1018. This is important, as the frequency of Telnet attacks typically tails off when cybercriminal shift their focus from reconnaissance scanning to targeted attacks aimed at building deployable Thingbots.

Interestingly, the top 50 logged attacking IP addresses are all new. This represents a big change from previous four reports where the same IP addresses consistently appeared. The report believes this means there are a range of new threat actors in play, or that existing disruptors are transitioning to new systems. Other new developments include the introduction of attacking IP addresses hailing from Iran and Iraq.

Most attacks still originate in the networks of telecom and Internet Service Providers that provide internet services to homes, small offices and larger enterprises. The trend has remained the same for 18 months and is expected to continue. Attackers typically rent systems in hosting centers to initiate the building of a botnet. Build efforts are then taken over by the infected IoT devices in telecom networks.

Mirai Remains

Another key report observation is that there has been scant decrease in the global footprint of Mirai, which is the most powerful Thingbot yet to have launched an attack.

The number of Mirai scanner systems across the world dwindled slightly from December 2017 to June 2018. However, Europe remains the only region where Mirai scanner infections remained relatively static from December 2017 to June 2018.

Not only is the threat of the original bot still powerfully present, but there are also at least 10 Mirai offshoots to consider (Annie, Satori/Okiru, Persirai, Masuta, Pure Masuta, OMG, SORA, OWARI, Omni, and Wicked). Furthermore, Mirai’s stepsiblings are capable of much more than launching DDoS attacks, and can deploy proxy servers, mine crypto-currencies and install other bots.

Turbulent times Ahead

“We are stuck with over 8 billion IoT devices around the world that, for the most part, prioritise access convenience over security,” said Warburton.

“Organisations need to brace themselves for impact, because IoT attack opportunities are virtually endless and the process of building Thingbots is more widespread than ever. Unfortunately, it is going to take material loss of revenue for IoT device manufacturers, or significant costs incurred by organisations implementing these devices, before any meaningful security advances are achieved. Therefore, it is essential to have security controls in place that can detect bots and scale to the rate at which Thingbots attack. As ever, having bot defense at your application perimeter is crucial, as is a scalable DDoS solution.”

FacebookTweetLinkedIn
Share1TweetShare
Previous Post

Botnets And Machine Learning: A Story Of “Hide And Seek”.

Next Post

€1bn In Cyber Security Research Funding Evaluated, Revealing Academic Trends And Threats For 2019 And Beyond.

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 30, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information