Attacks using IoT devices escalate in 2019
Cyber criminals have upped the intensity of IoT attacks and those using Windows SMB in the first half of 2019, according to a new F-Secure report.
F-Secure's honeypot servers measured a twelvefold increase in such events compared to the same period a year ago. The increase was driven by traffic targeting the Telnet and UPnP protocols, which are used by IoT devices, as well as the SMB protocol, which is used by the Eternal family of exploits to propagate ransomware and banking Trojans.
Telnet traffic accounts for the largest share of traffic for the period, with over 760 million attack events logged, or around 26 percent of traffic. UPnP was the next most frequent, with 611 million attacks. SSH, which is also used to target IoT devices, had 456 million attacks.
Likely sources of this traffic are IoT devices infected with malware such as Mirai, which was also the most common malware family seen by the honeypots. Mirai infects routers, security cameras, and other IoT devices that use factory default credentials.
"Three years after Mirai first appeared, and two years after WannaCry, it shows that we still haven't solved the problems leveraged in those outbreaks," says F-Secure principal researcher Jarno Niemela. "The insecurity of the IoT, for one, is only getting more profound, with more and more devices cropping up all the time and then being co-opted into botnets. And the activity on SMB indicates there are still too many machines out there that remain unpatched."
Among other findings are that countries whose IP spaces played host to the highest numbers of attack sources are China, the US, Russia, and Germany. Countries where the most attacks were directed were the US, Austria, Ukraine, UK, the Netherlands, and Italy.
The greatest share of Telnet traffic came from the US, Germany, UK and the Netherlands, while the greatest share of SMB traffic came from China.
You can find out more on the F-Secure blog.