F5 Labs research reveals Chinese hackers lead attacks on Internet of Things devices

Research from F5 Labs shows that Telnet brute force attacks against Internet of Things (IoT) devices rose a staggering 249% year over year (2016-2017) and were dominated by traffic originating from China. Findings from the company’s latest Threat Intelligence Report shed light on the challenges vulnerable IoT devices pose for businesses as brute force hacks proliferate, intensifying and becoming harder to monitor.

F5 Labs’ research reveals that 44% of attack traffic originates from China and IP addresses in Chinese networks. The most attacked countries were the US, Singapore, Spain and Hungary. With no standout country in relation to Thingbot attacks (wherein vulnerable IoT devices are dispersed across the globe), each of the Top 10 countries suffered a small portion of total attacks, except for Spain, which endured 22% of all attacks in December.

Interestingly, in the last half of 2017, F5 Labs recorded a decrease in attack volume compared to the first half of the year (a 77% decline Q1-Q4). Nevertheless, attack levels were still greater than during the height of Mirai, which gained notoriety in September 2016 for commandeering hundreds of thousands of IoT devices, such as CCTV cameras, routers and DVRs.

The research highlights how cyber criminals are changing tactics with increasing speed and diversity. F5 Labs observed attackers using different methods to compromise IoT devices for at least a year – techniques that are easy from a technical standpoint and require a few more steps in the attack plan. These techniques also affect fewer devices, as attackers choose to target non-standard ports and protocols, specific manufacturers, device types and models.

“It’s very likely that Thingbots have launched attacks we will never know about, and their creators are reaping the rewards,” commented Sara Boddy, director of F5 Labs Threat Research. “Crypto-currency mining is a good example of an IoT attack that would likely go undetected if it didn’t cause a noticeable impact, such as slow device performance. Businesses today must deploy critical application services for every app and any environment.”

Insecure IoT devices

With mass consumer adoption of IoT devices yet to be reached, if development standards remain unaltered, businesses across the globe will continue to bring insecure IoT devices into the market two-to-three times faster than the current flow, eventually leading to compromises at the same rate. In increasingly breach-conscious business environments, the case for extending security and related services to a wider range of enterprise applications is clear.

“App owners must be encouraged to better collaborate with NetOps, DevOps and SecOps within an agile framework to significantly improve the performance, availability and security of all applications,” continued Boddy.

To help businesses protect themselves, there are some simple steps which should be followed:

* Ensure redundancy for critical services in case service providers are targeted

* Mitigate stolen identity-related attacks with credential stuffing controls and multi-factor authentication

* Implement decryption inside the network to catch malicious traffic hiding in encrypted traffic, and ensure that devices connecting to the network pass through information security event prevention and detection systems

* Conduct regular IoT device security audits, test IoT products before use and ensure that robust employee education programmes are in place

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
