Now that more and more devices are being connected to the Internet, creating the Internet of Things (IoT), more criminals are exploiting the speed, convenience and anonymity of the Internet for criminal purposes. They may cause serious harm and pose a threat to people around the globe. This cybercrime can take many forms. Think of the phishing emails that you may have received in the past, which aim to obtain your login details and personal data, but also of more extreme forms like terrorist cybercrime. The costs to the global economy add up to billions of dollars.
It’s no secret that connected devices pose security threats to the commercial, consumer and industrial world. No one can guarantee that an IoT device is 100% secure. New reports on security threats now show an accelerating rise in attacks on IoT devices.
NexusGuard reports increased DDoS attacks
One of these is the recently released NexusGuard report, which shows an increase in a specific form of cybercrime: the Distributed Denial of Service (DDoS) attack. This form of attack attempts to make an online service unavailable for legitimate users by overwhelming it with traffic from multiple sources.
The NexusGuard report shows that the number of attacks increased by 29% in the first two quarters of 2018 compared to 2017. According to NexusGuard this is largely due to the growing presence of IoT botnets (collections of software robots, or bots, that are able to operate automatically and independently) that infect vulnerable IoT devices and (often) recruit them to the botnet. More worrying, however, is the growing size of the attacks (measured in gigabits per second), which increased by a stunning 543%. Reasons for such attacks range from activism, extortion or harming a brand’s reputation to just plain old boredom.
One of the most notorious botnets out there is infected with the ‘Mirai’ IoT malware, which saw its origin in August 2016, hitting targets like renowned security journalist Brian Krebs. This was one of the largest DDoS attacks at the time, probably meant as retaliation for Krebs’ role in the investigation of another botnet. Since June of this year, a new version of the Mirai botnet seems to be on the rise, with reports from BleepingComputer showing a steady increase in detections of the Mirai Sora malware. This is also one of the botnets contributing to the rise in DDoS attacks shown in the NexusGuard article.
What makes IoT devices so vulnerable?
There are many factors that play a role in the risk of IoT devices being misused for criminal purposes. It starts with their settings, such as the standard factory login settings that are programmed into IoT devices. In many cases the login information is never changed from the factory settings, and these default settings can often easily be traced.
One example of these vulnerable factory settings is the complaint the FTC filed against D-Link for its insecure routers and IP cameras. The login credentials built into the D-Link camera were username “guest” and password “guest”, which allowed easy unauthorized access to the camera’s live feed. D-Link routers, on the other hand, were easily accessible to hackers through what is known as “command injection”, a hacking method that exploits weak input validation in applications to gain access to data or network resources.
In addition to the poor settings, many IoT devices are rarely updated. Even when updates are available, users often don’t apply them because they do not know they exist or simply ignore them. These updates serve various functions, including adding new functionality to the IoT device, resolving issues, and fixing security vulnerabilities. A good example is the Shenzhen Gwelltimes Technology case, where hackers were able to easily take over baby monitors due to security flaws in the product’s firmware, hardware and cloud service. A terrifying thought! Even though it was confronted with the security issues, Shenzhen Gwelltimes Technology decided not to take any further action. When a security breach occurs, users are often poorly informed, or manufacturers simply remain silent for fear of how it will impact their reputation. This is obviously problematic.
Combine all of this with the fact that these devices are directly connected to the Internet and you have a high risk that IoT devices will be misused for criminal activities. In the case of the DDoS attacks addressed in the NexusGuard report, this often results in IoT devices being taken over to carry out DDoS attacks on other online services.
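The three risk factors described above (factory logins, outdated firmware and direct Internet exposure) can be checked against a device inventory. The script below is an added example, not code from NexusGuard or from the author of this article; the inventory format, the device names and models, the firmware versions and the "admin"/"admin" pair are assumptions made for illustration.

```python
import ipaddress

# Factory logins to flag. ("guest", "guest") is the pair named in the article;
# ("admin", "admin") is an added assumption. Extend from vendor documentation.
FACTORY_LOGINS = {("guest", "guest"), ("admin", "admin")}
# Assumption: anything outside these RFC 1918 ranges is not behind the firewall.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so that 1.10 sorts after 1.9."""
    return tuple(int(part) for part in text.split("."))

def audit_device(dev, latest_firmware):
    """Return the risk factors found for one inventory record."""
    findings = []
    if (dev["username"], dev["password"]) in FACTORY_LOGINS:
        findings.append("factory-default login")
    latest = latest_firmware.get(dev["model"])
    if latest and parse_version(dev["firmware"]) < parse_version(latest):
        findings.append(f"firmware {dev['firmware']} is behind {latest}")
    addr = ipaddress.ip_address(dev["address"])
    if not any(addr in net for net in INTERNAL_NETS):
        findings.append("address is outside the firewalled network")
    return findings

def audit(inventory, latest_firmware):
    """Map device name to findings, worst first; clean devices are omitted."""
    report = {d["name"]: audit_device(d, latest_firmware) for d in inventory}
    flagged = {name: f for name, f in report.items() if f}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))

# Constructed sample data: every name, model, version and address is invented.
LATEST = {"cam-x": "1.10.0", "plc-y": "3.2.1"}
INVENTORY = [
    {"name": "yard-cam", "model": "cam-x", "firmware": "1.10.0",
     "username": "admin", "password": "admin", "address": "10.0.5.7"},
    {"name": "line-plc", "model": "plc-y", "firmware": "3.2.1",
     "username": "operator", "password": "a-long-unique-passphrase",
     "address": "192.168.10.20"},
    {"name": "lobby-cam", "model": "cam-x", "firmware": "1.9.4",
     "username": "guest", "password": "guest", "address": "203.0.113.10"},
]

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, LATEST).items():
        print(name, "->", "; ".join(findings))
```

Firmware versions are compared as tuples of integers because a plain string comparison would rank 1.9.4 above 1.10.0 and miss the outdated camera.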
How to protect your IoT devices
First off, don’t connect outdated devices directly to the Internet. We’ve designed our IoT device, the IXrouter, to include a built-in firewall which separates all connected IoT devices from the Internet and makes sure that connected IoT devices are isolated, yet accessible. The same should apply to all your IoT devices. Always ensure that a firewall safely isolates your IoT devices from threats outside your network, reducing the chance of unauthorized access. Your devices should also always be up to date with the latest available firmware. By keeping them updated, you will not only benefit from the latest feature releases for that specific device, but may also resolve issues and fix security vulnerabilities. This may sound obvious, but it is often forgotten.
To the companies that offer IoT devices: continuously monitor your threats and vulnerabilities. Make sure to keep customers informed about necessary safety information and updates to mitigate risks. If we all work together, we can create a safer cyber environment around the globe!