Attacks on IoT Devices Double Over Past Year

Written by

The number of attacks targeting IoT devices has almost doubled from the second half of 2020 to the first six months of this year, according to Kaspersky.

The Russian cybersecurity firm collected data from a network of honeypots to mimic vulnerable devices and invite attacks.

Although these honeypots were on the receiving end of around 639 million cyber-attacks in the final six months of 2020, the figure had soared to over 1.5 billion by the first half of 2021.

So far this year, most of these attacks have been attempted using the telnet protocol, which is typically used to access and manage devices remotely. Over 872 million, or nearly 58%, of the total was accounted for this way. The rest used SSH (34%) and web (8%) channels.

Once compromised, IoT devices can be conscripted into botnets and used to mine illegally for crypto-currencies, launch DDoS attacks, steal personal data and more.

“Since IoT devices, from smartwatches to smart home accessories, have become an essential part of our everyday lives, cybercriminals have skilfully switched their attention to this area. We see that once users’ interest in smart devices rose, attacks also intensified,” explained Kaspersky security expert Dan Demeter.

“Some people believe they aren’t important enough to be hacked but we’ve observed how attacks against smart devices intensified during the past year. Most of these attacks are preventable. That’s why we advise smart home users to install a reliable security solution, which will help them stay safe.”

However, the challenge with IoT devices is that they can’t support traditional endpoint security agents. That means that security must be plugged in at the smart home network layer.

Other steps recommended by Kaspersky included prompt patching of any firmware updates and changing any factory default passwords to stronger, more complex credentials.

The vendor also urged smart home users to reboot any devices behaving oddly if they’re infected with malware, as this can sometimes help eliminate the malicious code.

If you liked this article, be sure to check out these upcoming Online Summit sessions:

What’s hot on Infosecurity Magazine?