Rapidly multiplying IoT cyber attacks use well-known weaknesses

Internet of things threats and attacks are increasing rapidly, but rely on well-known security weaknesses, security researchers discover

Devices that make up the internet of things (IoT) may be relatively new, but the growing number of cyber attacks targeting these devices still rely on well-known and predictable security weaknesses, say security researchers.

Data collected and analysed by researchers at security firm F-Secure shows that the number of IoT threats doubled in 2018, growing from 19 to 38 in the space of a single year.

But most exploit things such as unpatched software, weak or default passwords, or a combination of the two, which make up 87% of observed threats, according to a report by researchers at F-Secure Labs. “History may remember 2018 as the turning point,” the report said.

Tom Gaffney, F-Secure operator consultant, said although the larger device suppliers are paying more attention to security than in the past, a lot of devices from many different manufacturers still do not offer consumers much in the way of security or privacy.

“The big guys like Google and Amazon have made strides in their smart home products with the help of massive backing and ethical hackers. But for years manufacturers have been releasing products without giving much thought to security, so there’s a lot of ‘smart’ devices out there vulnerable to relatively simple attacks,” he said.

According to the report, IoT threats were rarely encountered before 2014, but that changed around the time of the release of the source code for Gafgyt – a threat that targeted a variety of IoT devices, including BusyBox devices, closed-circuit television (CCTV) devices and many digital video recorder (DVR) devices.

In October 2016, Mirai, which was developed from Gafgyt’s code, became the first IoT malware to achieve global prominence when its botnet was used to launch one of the largest distributed denial-of-service (DDoS) attacks in history that targeted domain name system (DNS) services provider Dyn.

Mirai’s code, which has been public “for research/IoC development purposes” since 2016, originally used 61 unique credential combinations for infections. But within three months, that number had reached almost 500. This established Mirai as a prevalent malware family.

According to the report, around 59% of attack traffic detected by F-Secure’s honeypot servers in 2018 targeted exposed Telnet ports, with Mirai’s attempts to spread emerging as the main culprit behind the attacks.
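As an added illustration of the Telnet credential-guessing pattern described above (example code written for this article, not F-Secure’s honeypot tooling): a small detector that parses constructed honeypot log lines and flags sources cycling through factory-default username/password pairs over Telnet. The log format, the field names and the default-credential list are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed honeypot log lines for this example (format is an assumption, not F-Secure's).
SAMPLE_LOG = """\
2018-03-04T10:00:01Z telnet src=198.51.100.7 user=root pass=admin result=fail
2018-03-04T10:00:02Z telnet src=198.51.100.7 user=admin pass=admin result=fail
2018-03-04T10:00:03Z telnet src=198.51.100.7 user=root pass=12345 result=fail
2018-03-04T10:00:04Z telnet src=198.51.100.7 user=root pass=default result=success
2018-03-04T10:00:05Z ssh src=203.0.113.9 user=alice pass=***** result=fail
2018-03-04T10:00:06Z telnet src=203.0.113.9 user=alice pass=***** result=fail
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+) src=(?P<src>[\d.]+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<res>\w+)$"
)

# Small illustrative set of factory-default pairs (constructed list, not Mirai's actual table).
DEFAULT_CREDS = {("root", "admin"), ("admin", "admin"), ("root", "12345"), ("root", "default")}


def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def telnet_credential_scanners(log, min_attempts=3):
    """Return {src: summary} for sources that try >= min_attempts distinct
    default credential pairs over Telnet, the spreading pattern the report
    attributes to Mirai. The summary records whether any attempt succeeded,
    which is the signal a defender would escalate first."""
    attempts = defaultdict(set)
    succeeded = defaultdict(bool)
    for ev in parse(log):
        if ev["svc"] != "telnet":
            continue
        pair = (ev["user"], ev["pw"])
        if pair in DEFAULT_CREDS:
            attempts[ev["src"]].add(pair)
            if ev["res"] == "success":
                succeeded[ev["src"]] = True
    return {
        src: {"distinct_default_creds": len(pairs), "login_succeeded": succeeded[src]}
        for src, pairs in attempts.items()
        if len(pairs) >= min_attempts
    }
```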

Since Mirai in 2016, there has been steady growth in IoT threats, the report highlights: five main attack families emerged in 2017, and double that number were recorded in 2018, including VPNFilter – an IoT threat that appears to have been sponsored by a nation-state, the report said.

“Deploying massive amounts of computing power without prioritising security and privacy has created a new target that criminals are just beginning to exploit. This requires immediate action by manufacturers, regulators and everyone responsible for connecting people to the internet. Because when these threats turn our technologies against us, no one can say that we weren’t warned,” the report concluded.

The root cause of many of the IoT’s problems starts with the manufacturers’ supply chains, according to Jarno Niemela, principal researcher at F-Secure Labs.

“Most device vendors license software development kits for the chipsets they use in their smart cameras, smart appliances, and other IoT devices. That’s where the vulnerabilities and other issues are coming from,” he said.

Device sellers, said Niemela, have to start asking for more in terms of security from these suppliers, and be prepared to issue updates and patches as they become available.
