Kaspersky honeypots find 105 million attacks on IoT devices in first half of 2019

The number of attacks on IoT devices in 2019 is nine times greater than the number found in the first half of 2018.

How to quickly deploy a honeypot with Kali Linux Lure possible attackers into a trap with a Kali Linux honeypot.

After deploying more than 50 honeypots worldwide, Kaspersky detected 105 million attacks on Internet of Things (IoT) devices from 276,000 unique IP addresses, within only the first six months of 2019. The number of attacks in 2019 is nine times greater than the number found in the first half of 2018, which totaled 12 million attacks. 

SEE: Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)

Kasperky's IoT: A Malware Story report, released on Tuesday, used honeypot data to determine the number of cyberattacks conducted in the time frame, which type of attacks were used, and where these attacks took place. As organizations purchase more connected smart devices, attackers find more threat vectors to target, the report said. 

What are honeypots?

A tool used by many security experts, honeypots are decoys used to mimic typical targets of attack and subsequently attract cyberattackers, as Jack Wallen reported. 

Kaspersky incorporated three common types of honeypots: Low-interaction, high interaction, and medium interaction. The first simulates services such as Telnet, SSH, and web servers; the second mimics real devices, and the third is a mixture of the two. 

To avoid being discovered quickly by cybercriminals, Kaspersky's honeybots cycled through IP addresses often. Some honeypots kept the same address for long periods of time and ended up being flagged by cybercriminals who fell for the trick, the report said. 

Kaspersky's 50 honeypots, which were deployed for more than one year, resulted in 20,000 infected sessions every 15 minutes. Mirai, responsible for 39% of attacks, exploited unpatched vulnerabilities; while Nyadrop, which comprised another 39% of attacks, used password brute-forcing attacks, the report found.

Mirai is a malware family that hones in on weak IoT devices to use in a large-scale DDoS attacks. Mirai was popularized by its massive cyberattack that swept both the US and Europe in 2016, causing the largest internet blackout in US history. 

"As people become increasingly surrounded by smart devices, we are witnessing the way IoT attacks are intensifying," Dan Demeter, security researcher at Kaspersky, said in a press release. "Judging by the enlarged number of attacks and criminals' persistence, we can say that IoT is a fruitful area for attackers that use even the most primitive methods, like guessing password and login combinations. It's quite easy to change the default password, so we urge everyone to take this simple step toward securing your smart devices."

The most attacks came from China (30%), Brazil (19%), and Egypt (12%). Last year, however, Brazil was the source of most attacks with (28%), China came in second (14)%, and Japan third (11%). 

The report identified the following four steps users should take to keep their devices safe: 

  • Firmware: Install updates for the firmware you use as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
  • Passwords: Always change preinstalled passwords. Use complicated passwords that include both capital and lowercase letters, as well as numbers and symbols, if possible.
  • Reboot: Reboot a device as soon as you think it's acting strangely. Keep in mind, however, that this might help get rid of existing malware, but doesn't reduce the risk of getting another infection.
  • VPN: Keep access to IoT devices restricted by a local VPN, allowing you to access them from your "home" network, instead of publicly exposing them on the internet.

For more, check out Deceptive networking lures hackers with decoy data on TechRepublic. 

Also see 

istock-948533056.jpg

Igor Stevanovic, Getty Images/iStockphoto