Thursday, 16th July 2020

IoT devices under constant attack

Cyxtera Technologies has released findings from an extensive research project, the “Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots,” showing that IoT devices are under constant attack; more than 150 million connection attempts over 15 months. The report reveals the detection of new attacks on IoT devices, especially those leveraging zero-day vulnerabilities for specific devices. The research was a joint effort by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design.

In tandem with the release of this research, Cyxtera announced new functionality in its flagship Zero Trust solution, AppGate SDP, that extends the benefits of network micro-segmentation and software-defined perimeter to connected IoT devices. The AppGate SDP IoT Connector enables enterprises to enforce consistent access control policies across users, servers, and devices to protect today’s complex and distributed resources.

Key report findings include:

  • Researchers detected more than 150 million connection attempts to 4,642 distinct IP addresses.

  • 64 percent of incoming connections seemed to originate in China, with another 14 percent from the United States. This was followed by the United Kingdom (nine percent), Israel (eight percent) and Slovakia (six percent). Note: It’s difficult to definitively confirm the origination of Internet traffic as it is possible to re-route traffic to other locations, frequently employed as an obfuscation technique.

  • All IoT devices saw attempted logins immediately upon coming online and the number of login attempts increased steadily over time.

  • Within days of new malware campaigns going public – such as Mirai, Satori, and Hakai – those malware families were being used to attack IoT devices from the honeypot. In many cases, the increase in activity was identifiable in the days and weeks before the malware was publicly named.

  • 54 percent of connections received by the honeypot were via Telnet port, while HTTP ports received almost all of the remaining connections.

  • IP cameras received the majority of connections in the honeypot, suggesting greater attacker interest in those IoT devices as compared to others such as printers and smart switches. Several recent, large-scale attacks on IoT devices have targeted IP cameras.

“IoT devices are an attractive target for attackers, because they are often a security after-thought and its harder to keep them patched and up-to-date — if patches are even available at all,” said Alejandro Correa Bahnsen, Vice President of Data Science at Cyxtera. “The researchers involved in this project accurately detected several large-scale attacks targeting IoT devices and demonstrated the frequency and speed with which these devices are targeted. This approach can be replicated by other threat researchers to broaden our collective knowledge about these vulnerabilities.”

McAfee ESM Cloud removes traditional barriers to SecOps efficiency; accelerates digital transformati...
Overwork and burnout are very real issues for the IT security industry in 2020, according to the Cha...
Over half of CIOs are apprehensive about business interruptions due to expired machine identities.
Cortex XDR, Cortex Data Lake and WildFire will now offer a UK hosting option to help customers with...
Bitglass, the Total Cloud Security company, has released its 2020 BYOD Report, which analyses enterp...
According to The State of Cloud Security 2020, a global survey from next-generation cybersecurity le...
Trustwave has introduced Trustwave PartnerOne, a new global partner program designed to deliver the...
New channel sales strategy accommodates extraordinary market momentum of network threat detection an...