News

Flaws Left Unpatched, Unstopped Malware Contribute to Growing IoT Attacks

• By Becky Nagel
• April 3, 2019

According to a recent Internet of Things (IoT) security report from F-Secure, a global security solutions and services provider, a lack of good password security (or no password at all) combined with unpatched vulnerabilities contribute to 87 percent of all IoT attacks. And with the explosion of IoT devices, particularly on the consumer side, the company is seeing the number of attacks explode, as well.

"In late 2018, F-Secure's network of reconnaissance honeypots servers observed a huge spike in threats targeting exposed telnet ports. Mirai [a botnet attack aimed at IoT devices] uses this infection method to go after devices through default passwords," the company wrote in its report, titled, "IoT Threat Landscape: Old Attacks, New Vectors."

"This explosion of attacks suggests that there is still plenty of 'easy prey' out there and criminals are going after it," the report continued.

F-Secure noted that a majority of the attacks it observed via its honeypots targeted Telnet as the attack vector.

Aside from Mirai, which was discovered in 2016, some of the other active malware still out there include:

• Hajime, a worm which targets the TR-069 protocol used by many ISPs' routers
• IoT_Reaper, a botnet which attacks known, existing HTML vulnerabilities in the control interfaces often found in CCTV and other cameras
• Hide N Seek, a rework of IoT_Reaper that infects the same cameras and installs cryptominers
• ADB.Miner, which uses "the bones of Mirai" to penetrate the debugger interface of Android devices and also installs cryptominers
• Fbot, another Mirai offshoot, this time with a blockchain-based DNS infrastructure
• Torii, which uses Tor's anonymizing software to attack "six infection vectors"
• VPNFilter, a major attack on a wide variety of routers that destroys firmware and sniffs out credentials

And the problem is that even though many of the attacks at the top of the list above are years old, their attack vectors remain unpatched on millions and millions of devices.

As for new attacks in 2019 and beyond, the report reads: "The IoT threats we face are most likely to focus on using hijacked resources to help launch denial-of-service attacks and mining for virtual currencies."

"F-Secure Labs has seen some evidence that cryptomining slowed slightly as the year began, possibly because research suggests criminals aren't finding the tactic to be very profitable," it continues. "But some experts expect this trend to reverse, especially as cryptocurrency prices fall and increased mining is needed to make up for losses."

You can read a summary of the report here and download the entire report in .PDF format here.