The dark web marketplace offers exploits for zero-day vulnerabilities in IoT devices, as well as IoT malware bundled with infrastructure and supporting utilities
Kaspersky, the Russian global cybersecurity and anti-virus provider, states in its latest survey report that IoT devices, such as routers and smart home components, are projected to exceed 29 billion by 2030. Kaspersky's research uncovered a thriving underground economy on the dark web focused on IoT-related services. Notably, Distributed Denial of Service (DDoS) attacks orchestrated through IoT botnets are in high demand among hackers. In the first half of 2023, Kaspersky's Digital Footprint Intelligence service analysts identified over 700 ads for DDoS attack services on various dark web forums, according to the company’s official press release.
In the realm of IoT malware, a variety of families exist, with many originating from the 2016 Mirai family. Fierce competition among cybercriminals has driven the development of features designed to thwart rival malware. These strategies include implementing firewall rules, disabling remote device management, and terminating processes linked to competing malware. In the first half of 2023, most attacks on Kaspersky honeypots came from China, Pakistan, and Russia. A honeypot is a computer system intended to attract cyberattacks, like a decoy. It mimics a target for hackers and uses their intrusion attempts to gain information about cybercriminals and the way they operate, or to distract them from other targets.
The primary method for infecting IoT devices continues to be through brute-forcing weak passwords, followed by exploiting vulnerabilities in network services. Brute-force attacks on devices are commonly directed at Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorized access by cracking passwords, allowing them to execute arbitrary commands and malware. Although SSH, a more secure protocol, is also susceptible, it presents a greater resource challenge for attackers.
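As an added illustration (not part of the Kaspersky report), the sketch below shows how a defender could spot the Telnet/SSH password brute-forcing described above in login logs, and flag the more serious case where a successful login follows a burst of failures. The log format, field order, thresholds and addresses are assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real data): timestamp, service, source IP, outcome, user.
SAMPLE_LOG = """\
2023-06-01T12:00:01 telnet 203.0.113.5 fail root
2023-06-01T12:00:03 telnet 203.0.113.5 fail admin
2023-06-01T12:00:05 telnet 203.0.113.5 fail root
2023-06-01T12:00:08 telnet 203.0.113.5 fail support
2023-06-01T12:00:11 telnet 203.0.113.5 fail root
2023-06-01T12:00:14 telnet 203.0.113.5 ok admin
2023-06-01T12:05:00 ssh 198.51.100.7 fail alice
2023-06-01T12:45:00 ssh 198.51.100.7 ok alice
2023-06-01T13:00:00 ssh 192.0.2.9 fail root
2023-06-01T13:00:02 ssh 192.0.2.9 fail root
"""

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for sources with >= threshold failed logins inside the window.

    Alert kind is 'bruteforce' when the threshold is first reached and
    'login_after_bruteforce' when a flagged source then logs in successfully
    while its recent failures are still inside the window.
    """
    failures = defaultdict(deque)  # (service, ip) -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts_raw, service, ip, outcome, _user = parts
        ts = datetime.fromisoformat(ts_raw)
        key = (service, ip)
        recent = failures[key]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the sliding window
        if outcome == "fail":
            recent.append(ts)
            if len(recent) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", service, ip, ts_raw))
        elif outcome == "ok" and key in flagged and recent:
            alerts.append(("login_after_bruteforce", service, ip, ts_raw))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

A `login_after_bruteforce` alert is the one to triage first, since it suggests a guessed password rather than just background scanning.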
Types of IoT Malware
IoT devices are susceptible to various types of malware, each serving distinct purposes:
1. DDoS Botnets: These malicious programs take control of IoT devices to launch Distributed Denial of Service (DDoS) attacks on a wide range of services.
2. Ransomware: Targeting IoT devices, particularly those containing user data like NAS boxes, ransomware encrypts files and demands ransoms for decryption.
3. Miners: Despite their limited processing power, some cybercriminals attempt to use IoT devices for cryptocurrency mining.
4. DNS Changers: Certain malware alters DNS settings on Wi-Fi routers, redirecting users to malicious websites.
5. Proxy Bots: Infected IoT devices are employed as proxy servers to reroute malicious traffic, making it difficult to trace and mitigate such attacks.
How to protect industrial and customer IoT devices:
- Conduct regular security audits of OT systems to identify and eliminate possible vulnerabilities.
- Use ICS network traffic monitoring, analysis and detection solutions for better protection from attacks potentially threatening the technological process and main enterprise assets.
- Make sure you protect industrial endpoints as well as corporate ones. Kaspersky Industrial CyberSecurity solution includes dedicated protection for endpoints and network monitoring to reveal any suspicious and potentially malicious activity in the industrial network.
- When implementing IoT, assess the status of a device’s security before its implementation. Preference should be given to devices that have cybersecurity certificates and to products from manufacturers that pay more attention to information security.
- For your smart home devices, don’t forget to change the default password. Instead, use a strict and complex one and update it regularly. A reliable password manager, such as Kaspersky Password Manager, can help to generate a secure one.