Chinese hackers dominate IoT attacks

null

New research from F5 Labs has shed light on the fact that Telnet brute force attacks against IoT devices have risen by a staggering 249 per cent year-on-year, and dominated by traffic originating from China.

The firm's latest Threat Intelligence report highlighted the challenges vulnerable IoT devices place on businesses as brute force attacks have grown in intensity and have become increasingly difficult to monitor.

According to F5 Labs' research, 44 per cent of attack traffic originates from IP address in China with the US, Singapore, Spain and Hungary being the most attacked countries.  Each of the top 10 countries affected by these attacks suffered a small portion of total attacks, except for Spain, which suffered 22 per cent of all attacks in December.

During the last half of 2017, the firm recorded a decrease in attack volume when compared to the first half of the year. Attack levels were the highest during the height of the Mirai malware which infected and took control of hundreds of thousands of IoT devices including routers, DVRs and CCTV.

F5's research highlights how cybercriminals have learned to change tactics with increasing speed and diversity. The firm observed how attackers have begun to deploy different methods to compromise IoT devices for at least a year. These new techniques are easy from a technical standpoint though they require a few more steps to execute.

Director at F5 Labs Threat Research, Sara Boddy highlighted the fact that IoT devices worldwide could have been attacked without our knowledge, saying:

“It’s very likely that Thingbots have launched attacks we will never know about, and their creators are reaping the rewards. Cryptocurrency mining is a good example of an IoT attack that would likely go undetected if it didn’t cause a noticeable impact, such as slow device performance. Businesses today must deploy critical application services for every app and any environment.” 

Businesses can protect themselves from falling victim to such an attack by conducting regular IoT device security audits, testing IoT products before use and by offering their employees additional training in regard to the latest cyber threats.

Image Credit: Everything Possible / Shutterstock