Research by Kaspersky, a global cybersecurity firm, has uncovered a thriving underground economy on the dark web focused on Internet of Things (IoT) related services.
According to Kaspersky, Distributed Denial of Service (DDoS) attacks orchestrated through IoT botnets are in high demand among hackers. In the first half of 2023, Kaspersky’s Digital Footprint Intelligence service analysts identified over 700 ads for DDoS attack services on various dark web forums.
In the realm of IoT malware, a variety of families exist, with many originating from the 2016 Mirai family. Fierce competition among cybercriminals has driven the development of features designed to thwart rival malware. These strategies include implementing firewall rules, disabling remote device management, and terminating processes linked to competing malware.
In the first half of 2023, most attacks on Kaspersky honeypots came from China, Pakistan, and Russia. A honeypot is a decoy computer system intended to attract cyberattacks. It mimics a target for hackers and uses their intrusion attempts to gain information about cybercriminals and the way they operate, or to distract them from other targets.
Ten countries and territories where most attacks on Kaspersky honeypots came from, H1 2023
Kaspersky says the primary method for infecting IoT devices continues to be brute-forcing weak passwords, followed by exploiting vulnerabilities in network services. Brute-force attacks on devices are commonly directed at Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorised access by cracking passwords, allowing them to execute arbitrary commands and run malware. SSH, a more secure protocol, is also susceptible, but attacking it presents a greater resource challenge for attackers.
Furthermore, IoT devices are exposed through vulnerabilities in the services they use. These attacks often involve the execution of malicious commands by exploiting vulnerabilities in IoT web interfaces, resulting in significant consequences, such as the spread of malware like Mirai.
“We urge vendors to prioritise cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities. In a nutshell, the IoT world is filled with cyber dangers, including DDoS attacks, ransomware, and security issues in both smart home and industrial devices. Kaspersky’s report stresses the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users,” comments Yaroslav Shmelev, a security expert at Kaspersky.