Hackers utilise Thingbots to launch IoT attacks
Internet of Things (IoT) devices are now cybercriminals’ top attack target and have managed to surpass web, application services and email servers according to new research from F5 Labs.
The fifth volume of the security firm’s The Hunt for IoT report that thirteen Thingbots, IoT devices that have become part of a botnet, were discovered during the first half of 2018.
During the past 18 months, Spain was the top country under attack and it endured a remarkable 80 per cent of all monitored IoT attack traffic between January 1st and June 30th of last year. Russia, Hungary, the US and Singapore were also under consistent pressure from IoT attacks.
A majority of the attacks in the first half of last year originated in Brazil (18%) with China being the second biggest culprit (15%) followed by Japan (9%), Poland (7%), the US (7%) and Iran (6%).
Rise of the Thingbots
While DDoS attacks remain the most utilised attack method, hackers began adapting Thingbots to perform additional tactics including installing proxy servers to launch attacks from, crypto-jacking, installing Tor nodes and packet sniffers, DNS hijacks, credential collection, credential stuffing and fraud trojans.
Hackers commonly used global internet scans searching for open remote administration services to discover and then infect IoT devices.
Telnet and Secure Shell (SSH) protocols were the most popular followed by Home Administration Protocols (HNAP), Universal Plug and Play protocols (UpnP), Simple Object Access Protocols (SOAP) and various other Transmission Control Protocols (TCP) ports used by IoT devices.
Senior EMEA Threat Research Evangelist at F5 Networks, David Warburton explained why organisations should prepare themselves for future IoT attacks, saying:
“We are stuck with over 8 billion IoT devices around the world that, for the most part, prioritise access convenience over security. Organisations need to brace themselves for impact, because IoT attack opportunities are virtually endless and the process of building Thingbots is more widespread than ever. Unfortunately, it is going to take material loss of revenue for IoT device manufacturers, or significant costs incurred by organisations implementing these devices, before any meaningful security advances are achieved. Therefore, it is essential to have security controls in place that can detect bots and scale to the rate at which Thingbots attack. As ever, having bot defense at your application perimeter is crucial, as is a scalable DDoS solution.”