The modern home is chock full of myriad Internet of Things devices ranging from doorbell video cameras to smart pet feeders. While these products may offer a number of conveniences, smart devices also provide new entry points and potential security vulnerabilities for online criminals as cyberattacks surge. According to Kaspersky data shared with TechRepublic, attacks on IoT devices have doubled in the last year.
“Since IoT devices, from smartwatches to smart home accessories, have become an essential part of our everyday lives, cybercriminals have skillfully switched their attention to this area. We see that once users’ interest in smart devices rose, attacks also intensified,” said Dan Demeter, a security expert at Kaspersky via email.
SEE: Security incident response policy (TechRepublic Premium)
Smart homes, honeypots and remote work
In an effort to track and potentially prevent cyber attacks against connected smart devices, Kaspersky researchers set up honeypots, which the company described as “traps” of sorts for online attackers “targeting such devices.” In the first half of 2021, these honeypots detected over 1.5 billion cyberattacks focused on IoT devices, according to Kaspersky; more than double the total recorded in the first half of 2020.
So, what’s behind the surge in IoT device attacks? The short answer: The switch to remote work may have presented new entryways for opportunistic cybercriminals.
Over the last year, many remote teams have relied on VPN connections in their day-to-day. Amid the switch to remote work, Demeter said these gateways “became extremely interesting for attackers” for a number of reasons. For one, he said attackers can DDoS these connections disrupting company workflows and gain access to organizational networks via “misconfigured or insecure VPN gateways.”
“As such, the hunt of vulnerable devices (either IoT or directly connected to the internet) intensified during 2020, and we’ve seen some examples where attackers were able to gather more than half of million user accounts from vulnerable devices,” he continued.
During Kaspersky’s observations, Demeter said, an internet-connected honeypot would be probed for “exposed services” within about five minutes as a result of large-scale internet scanning, however, he added that this time is lower in some instances due to multiple large networks scanners probing devices.
“Of course, this is just the average value,” Demeter said. “We’ve had cases when we installed a fresh honeypot and it got probed in the next 10 seconds.”
SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)
For the most part, Demeter said “attackers are financially motivated and DDoS services are always profitable,” adding that this is the result of multiple factors, such as the “relatively cheap” cost of infecting IoT devices and, well, other hobbies of sorts.
“Sending spam e-mails is a favorite past-time activity,” he said. “From high-traffic networks, our honeypots collect and redirect around 200-400k spam emails per day. Having this capability of sending large amounts of spam emails, attackers often sell their services to other interested parties, which in turn might try to send phishing or targeted attacks.”
As long as there are internet-connected devices that are unconfigured and vulnerable, Demeter said, “attackers will try to exploit them in order to profit off them to gain money.”