Research from F5 Labs has shed light on the fact that Telnet brute force attacks against Internet of Things (IoT) devices have risen a staggering 249% year over year (2016-2017) and been dominated by traffic originating from China. Findings from the company’s latest Threat Intelligence Report shed light on the challenges vulnerable IoT devices place on businesses as the proliferation of brute force hacks both intensify and become harder to monitor.
F5 Labs’ research reveals that 44% of attack traffic originates from China and IP addresses in Chinese networks. The most attacked countries were the US, Singapore, Spain and Hungary. With no standout country in relation to Thingbot attacks (wherein vulnerable IoT devices are dispersed across the globe), each of the Top 10 countries suffered a small portion of total attacks, except for Spain, which endured 22% of all attacks in December.
Interestingly, in the last half of 2017, F5 Labs recorded a decrease in attack volume compared to the first half of the year (a 77% decline Q1-Q4). Nevertheless, attack levels were still greater than during the height of Mirai, which gained notoriety in September 2016 for commandeering hundreds of thousands of IoT devices, such as CCTV cameras, routers and DVRs.
The research highlights how cyber criminals are changing tactics with increasing speed and diversity. F5 Labs observed attackers using different methods to compromise IoT devices for at least a year – techniques that are easy from a technical standpoint and require a few more steps in the attack plan. They also affect fewer devices, choosing to target non-standard ports and protocols, specific manufacturers, device types and models.
“It’s very likely that Thingbots have launched attacks we will never know about, and their creators are reaping the rewards,” commented Sara Boddy, director of F5 Labs Threat Research. “Crypto-currency mining is a good example of an IoT attack that would likely go undetected if it didn’t cause a noticeable impact, such as slow device performance. Businesses today must deploy critical application services for every app and any environment.”
Insecure IoT devices
With mass consumer adoption of IoT devices yet to be reached, if development standards remain unaltered, businesses across the globe will continue to bring insecure IoT devices into the market two-to-three times faster than the current flow, eventually leading to compromises at the same rate. In increasingly breach-conscious business environments, the case for extending security and related services to a wider range of enterprise applications is clear.
“App owners must be encouraged to better collaborate with NetOps, DevOps and SecOps within an agile framework to significantly improve the performance, availability and security of all applications,” continued Boddy.
To help businesses protect themselves, there are some simple steps which should be followed:
*Ensure redundancy for critical services in case service providers are targeted
*Mitigate stolen identity-related attacks with credential stuffing controls and multi-factor authentication
*Implement decryption inside the network to catch malicious traffic hiding in encrypted traffic, as well as ensuring devices connecting to the network pass through information security event prevention and detection systems
*Conduct regular IoT device security audits, test IoT products before use and ensure that robust employee education programmes are in place