Manufacturers under pressure to address seasonal IoT vulnerabilities and safeguard consumers
F5 Networks and Loryka today revealed the findings of a report examining the use of connected devices as cyber weapons by hackers.
The report, entitled ‘DDoS’s Newest Minions: IoT Devices,’ was created by F5 Labs using data from F5 partner Loryka and shows that hackers are increasingly searching for products with network connectivity to manipulate for their own means. With one in three Brits set to give gifts leveraging the Internet of Things for Christmas this year, the influx of smart products will also provide a welcome present for hackers.
While the recent attack on internet service provider Dyn publicly marked a new type of cyber-offensive, hackers have been attempting to hijack devices using the Internet of Things (IoT) for some time. For example, they are increasingly scanning for devices that are linked to networks for vulnerabilities and to see which of them use telnet (unencrypted) or SSH (encrypted) systems. To most, telnet and SSH are methods of accessing the deeper operating system of a connected device but to criminals, they can be used to identify easily exploitable default passwords and install malware or other malicious software.
The report shows that the number of these telnet and SSH scans increased by 140% year-on-year from July 2015, with the figure increasing significantly from May 2016 onwards, double the previous peak level from the 12-month period. This is indicative of the number of smart devices flooding the market, giving cyber-criminals a better chance of using everyday items using the internet to attack other entities. The context is ripe for hackers to take advantage of the most connected Christmas ever.
Elsewhere, the report provides a snapshot of scan volumes by region, showing that China is by far the leading source of telnet attack scans over the past 6 months, conducting more than the other 19 countries in the top 20 combined. . Furthermore, Friday was identified as the most popular day for conducting SSH attack scans, with Wednesday the least popular.
“As consumer devices become increasingly exploited by hackers, responsibility for cybersecurity must be spread across several stakeholders,” commented Keiron Shepherd, senior security specialist at F5 Networks. “With the everyday user looking for seamless, hassle-free products and experiences, they should be empowered with responsibility for their own security. To do this, manufacturers of smart products must provide consumers with simple, intuitive security management methods based on secure infrastructure. With hackers’ tactics evolving constantly, manufacturers must make security a priority as we enter a festive season already associated with cybercrime and fraud.”