
Kaspersky: Attacks on Smart Devices Rise Threefold in 2018

Attacks against smart devices are surging, with both old and new threats targeting connected devices that remain largely unsecured, according to researchers at Kaspersky Lab.

Kaspersky researchers observed three times as many malware samples targeting smart devices in the first half of 2018 as they did in all of 2017, according to new findings reported on the SecureList website.

“That doesn’t bode well for the years ahead,” researchers Mikhail Kuzin, Yaroslav Shmelev and Vladimir Kuskov deadpanned in their blog post outlining the research.

Connected products on display at the DEF CON IoT Hacking Village. Photo by Paul Roberts

“Malware for smart devices is increasing not only in quantity, but also quality,” researchers said. “More and more exploits are being weaponized by cybercriminals, and infected devices are used to steal personal data and mine cryptocurrencies, on top of traditional DDoS attacks.”

Hackers rely on one of the oldest ways to compromise a remote connection–cracking the Telnet password–to gain access to smart devices, researchers found.

“In Q2 2018, there were three times as many such attacks against our honeypots than all other types combined,” they said. Overall for the first six months of 2018, Kaspersky’s Telnet honeypot registered more than 12 million attacks from 86,560 unique IP addresses.

Following a successful Telnet attack–most of which originate in Brazil (23 percent) and China (17 percent)–hackers proceed to download malware onto devices. In the first half of 2018, Kaspersky researchers saw malware downloaded from 27,693 unique IP addresses. Most of that malware was a variant of the Mirai family, with Backdoor.Linux.Mirai.c the hackers’ top choice, used in nearly 16 percent of attacks, researchers found.

New technology, new tricks

Telnet, however, is an old technology, and many new IoT devices like routers and IP cameras don’t support it. This means hackers also have had to adapt to keep up their assault on smart devices.

And they have. Researchers report attackers using newer “alternative technology” like the Reaper botnet to attack known vulnerabilities in these devices instead of brute-forcing Telnet passwords.

IP cameras are still a top target of hackers, Kaspersky Lab reports.

IP cameras in particular are on the cybercriminal radar screen, with bad actors pouncing on vulnerabilities in these devices just as soon as they appear, according to Kaspersky. For example, last year, new versions of the Gafgyt and Persirai Trojans exploiting several major vulnerabilities in the software of GoAhead devices cropped up hot on the heels of those vulnerabilities being made public, with infected devices climbing to 57,000 in a week, researchers said.

In the meantime, other new malware and threats to end users also are emerging to take advantage of the expanded sophistication and capabilities of smart devices.

Cryptocurrency mining–by now a well-known style of attack–also is a technique Kaspersky researchers observed, with a particularly “devious and doable” method for stealing crypto-coins invented by the creators of the Satori Trojan.

In this type of attack, the victim IoT device acts as a kind of key that opens access to a high-performance PC, with attackers trying to infect as many routers as possible using known vulnerabilities in the first stage of the attack. In the second stage, they used compromised routers and another vulnerability found in a well-known miner remote-management tool to substitute a user’s wallet address for their own to pilfer cryptocash.

Data theft also is emerging as a trend in smart-device attacks courtesy of the VPNFilter malware that infected hundreds of thousands of routers and network-attached storage devices earlier this year. The number of devices and device brands infected by the malware continues to grow, and the Trojan’s distribution method still hasn’t been identified, researchers said.

Secure your own device

With all of this cybercrime activity against smart devices persisting, one would think manufacturers would get the point and start prioritizing security. Well, according to researchers–surprise surprise!–they still aren’t, behavior that seems to be remaining as consistent as it is foolish.

Manufacturers continue to omit simple security steps like reminding people to change the default password during initial setup or notifying them about the release of new firmware versions to keep their devices secure, researchers said. Moreover, the device-updating process remains complex for end users, making them less inclined to install updates that could include important fixes for known vulnerabilities.

Kaspersky researchers offered some tips to device owners to help them provide the security that the devices inherently lack. They advised end users not to give access to the device from an external network unless absolutely necessary, and to periodically reboot to help get rid of malware already installed, even though this means the device still remains at risk of infection.

Smart device users also should regularly check for new firmware versions and update the device, and immediately change factory passwords to protect their devices with more complex passwords. They also should close or block unused ports, such as the oft-attacked Telnet port, if they are not necessary for connecting to a router, researchers advised.
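An added example, not code from Kaspersky or from this article: a small Python audit that follows the advice above by checking devices you own for a reachable Telnet port. The device names, addresses and the `AUDIT_PORTS` table are constructed placeholders to replace with your own inventory.

```python
import socket

# Assumption: ports to audit. 23 is the Telnet port the article names; add any
# other port you know a device does not need.
AUDIT_PORTS = {23: "telnet"}


def check_port(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'no-response'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"        # host answered with a reset: nothing listening
    except OSError:
        return "no-response"   # timeout or unreachable: dropped by a firewall or host is down
    finally:
        sock.close()


def audit(devices, ports=None, timeout=2.0):
    """Return (name, host, port, service) for every audited port found open."""
    ports = AUDIT_PORTS if ports is None else ports
    findings = []
    for name, host in devices.items():
        for port, service in ports.items():
            if check_port(host, port, timeout) == "open":
                findings.append((name, host, port, service))
    return findings


if __name__ == "__main__":
    # Constructed inventory: replace with the addresses of devices you own.
    my_devices = {"router": "192.168.1.1", "ip-camera": "192.168.1.20"}
    results = audit(my_devices)
    for name, host, port, service in results:
        print(f"{name} ({host}): {service} port {port} is reachable, disable or block it")
    if not results:
        print("No audited ports reachable from this network.")
```

A result only describes reachability from the network the script runs on, so a device that looks clean from inside the LAN should also be checked from outside it if the router forwards any ports.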