While the information stored in Internet of Things (IoT) devices is still valuable to attackers, Symantec researchers found that attackers are becoming less interested in targeting the victims and more interested in targeting the connected devices themselves, adding them to botnets used to carry out DDoS attacks.
Researchers noted a significant spike in new malware designed to target IoT devices in 2015, many of which remain active in 2016, with 34 percent of attacks originating in China and 28 percent originating in the U.S., according to a Sept. 22 blog post.
As the number of connected devices in the home increases, researchers expect to see more DDoS attacks stemming from multiple IoT platforms simultaneously, as the poor security of these devices makes them a prime target.
Infections also easily stay under the radar, since most IoT malware targets non-PC embedded devices that are internet-accessible but have limited features. These devices are often designed to be plugged in and forgotten, leaving victims often not knowing they have been infected.
Several of the attacks used to take over these devices exploited the most common default passwords, which are often left unchanged, and the most common method of attack often consisted of a scan for IP addresses with open Telnet or SSH ports, researchers said in the post.
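On the defender's side, the pattern described above (one source trying a run of common account names against an exposed SSH port) is visible in a device's or gateway's auth log. The following is an added example, not code from Symantec or the article; the log lines are constructed samples in OpenSSH's syslog format, and the function name and the threshold of three account names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (not from the article).
SAMPLE_LOG = """\
Sep 22 03:14:01 cam1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 22 03:14:03 cam1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Sep 22 03:14:05 cam1 sshd[811]: Failed password for invalid user support from 203.0.113.7 port 40114 ssh2
Sep 22 03:14:08 cam1 sshd[811]: Accepted password for root from 203.0.113.7 port 40115 ssh2
Sep 22 09:30:12 cam1 sshd[902]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Sep 22 09:30:20 cam1 sshd[902]: Accepted password for alice from 192.0.2.10 port 51001 ssh2
Sep 22 11:02:44 cam1 sshd[950]: Failed password for invalid user guest from 198.51.100.23 port 33010 ssh2
Sep 22 11:02:46 cam1 sshd[950]: Failed password for invalid user user from 198.51.100.23 port 33011 ssh2
Sep 22 11:02:49 cam1 sshd[950]: Failed password for root from 198.51.100.23 port 33012 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, min_users=3):
    """Return {ip: verdict} for sources that look like credential sweeps.

    A source becomes 'sweep' once it has failed logins for min_users distinct
    account names, and 'compromised' if a login succeeds after that point.
    """
    failed_users = defaultdict(set)
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a password-auth line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failed_users[ip].add(user)
            if len(failed_users[ip]) >= min_users:
                verdicts.setdefault(ip, "sweep")
        elif verdicts.get(ip) == "sweep":
            # A success following a sweep suggests an unchanged default password.
            verdicts[ip] = "compromised"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_LOG).items():
        print(f"{ip}: {verdict}")
```

A single mistyped password followed by a successful login, as in the `alice` lines, is not flagged; only a source that cycles through several account names is.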
Popular IoT malware families include Linux.Darlloz, Linux.Aidra, Linux.Xorddos, Linux.Gafgyt, Linux.Ballpit, Linux.Moose, Linux.Dofloo, Linux.Pinscan, Linux.Kaiten, Linux.Routrem, Linux.Wifatch, and Linux.LuaBot.
Researchers recommend users protect themselves by ensuring their IoT products are secured before purchasing them, auditing IoT devices used on their network, always changing default credentials, using strong encryption methods when setting up Wi-Fi networks, disabling unnecessary features and using SSH whenever possible.
They also recommend users disable or protect remote access to IoT devices when not needed, use wired connections instead of wireless whenever possible, regularly update firmware and ensure that a hardware outage does not result in an insecure state of the device.
Your home router is the equivalent of your front door in the cyber world, prpl Foundation Chief Security Strategist Cesare Garlati told SCMagazine.com via emailed comments.
“But while no homeowner in their right mind would leave their physical front door open, many are doing the equivalent with their smart home by failing to take care of their router,” he said. “Failure to patch vendor updates, for instance, could leave critical vulnerabilities present which hackers can take advantage of to eavesdrop on traffic and hijack smart devices.”
Manufacturers' failure to equally prioritize security performance could lead some vendors to go out of business as security becomes more of a priority among consumers, Reiner Kappenberger, head of global product management, enterprise data security for HPE Security-Data Security, told SCMagazine.com.
“The IoT space has become a hot market where companies need to enter quickly with functionality to be considered leading the space,” Kappenberger said. “However with that approach where functionality is the leading indicator comes the risk that security measurements are pushed to the back of the development cycle and frequently then dropped in order to release a product.”
Manufacturers may need to install security monitoring and prevention tools at the network level to monitor their network to prevent potential attacks, Shankar Somasundaram, a senior director at Symantec, told SCMagazine.com via emailed comments.
“Manufacturers should at first realize that there is a potential brand impact to them if they don't do anything about security on their devices,” he said. “A lot of basic things like identity, authentication and code protection can be done without a significant effort.”
Somasundaram added that not securing devices could also impact consumers more broadly since many devices are now connected.
Norton IoT Solutions General Manager Ameer Karim warned that users should rethink purchasing connected IP cameras, alarm systems, wearables and routers as they often lack basic security features.