IoT cyberattacks have been on the rise, and recently attacks have increased on a massive scale. According to Kaspersky, in the first six months of this year alone, more than 1.5 billion attacks on smart devices have been recorded. The main motive behind targeting IoT devices is to steal data, mine cryptocurrencies, and / or develop botnets.
What has happened?
Kaspersky telemetry revealed that the first six months of this year have shown 100% growth in cyberattacks targeting IoT devices compared to previous trends.
• Attackers are still monetizing the work-from-home situation. They are attacking corporate resources by targeting home networks and smart home devices connected to these corporate resources.
• The infected devices are used to steal personal or corporate information and extract cryptocurrencies. The infected devices are added to a botnet to carry out DDoS attacks.
• Attackers use weak passwords to infect IoT targets. Also, vulnerabilities are discovered more frequently on smart devices.
According to the report, there is still a lack of incident preparedness as personal devices are used to access resources on corporate networks. It reduces the visibility of the end point and expands the attack surface.
Recent threats on IoT devices
A set of vulnerabilities called BrakTooth has been revealed, affecting the Bluetooth stacks of billions of commonly used devices, including at least 11 vendor chipsets.
• Just a week ago, a vulnerability was detected in the Linphone SIP protocol stack from Belledonne Communications. It is one of the first open source applications to use SIP on Linux. It targeted Linphone and other SIP-based products, including popular VoIP mobile apps and IoT firmware.
• In May, the Lemon Duck botnet was targeting IoT devices to exploit computing resources to mine cryptocurrencies. In addition, it resulted in more systems being added to the botnet network.
IoT devices are used now more than ever and have become an essential part of daily operations. At the same time, the increasing exploitation of smart devices has become a major concern, which could lead to access within corporate networks. Therefore, IoT users are advised to avoid using default passwords and always update devices with the latest firmware.