Analysts have concluded that 9 out of 10 attacks on IoT devices are connected with the use of unlicensed software or users' weak password practices. In addition, the number of potential threats doubled in 2018.
Users of IoT devices tend not to change their passwords
The growing number of attacks on IoT devices can be explained by the presence of well-known and predictable vulnerabilities, according to F-Secure analysts. They report that the number of types of threats to IoT devices doubled in 2018. According to the experts' data, 87% of attacks are linked to the use of unlicensed software and weak passwords. This category also includes users who do not change the passwords they received from the manufacturers or suppliers of their IoT devices.
The F-Secure study separately emphasizes that, although big suppliers of IoT devices are paying more attention to security, users' options for defending themselves against threats remain very modest.
"For many years, many manufacturers released their products without thinking deeply about their safety; that's why many smart devices that are vulnerable to easy attacks exist", – noted Tom Gaffney, security consultant at F-Secure.
"The lack of a systematic approach to protection by device manufacturers and the mass distribution among consumers lead to the fact that IoT systems are increasingly becoming targets of attacks by malicious users, – agrees Yuriy Zakharov, engineer at Fortinet, with the results of the study. – Despite the fact that the devices are modern, vulnerabilities in their software are broadly known. A smart device can be vulnerable to a rather simple network attack. What can the end user do to protect himself from information leakage when using IoT? Buy the device from well-known manufacturers or limit the area of its use."
The number of botnets threatening information security doubled
According to the published report, threats to IoT devices were rarely encountered until 2014. Gafgyt changed everything: in October 2016 the Mirai botnet, developed on the basis of Gafgyt code, became the first malware for IoT devices to gain worldwide attention. Mirai developed quickly, and the victims of its large-scale DDoS attack on the infrastructure of the large DNS provider Dyn included Netflix, Airbnb, Reddit and even Twitter.
Mirai is still the main threat to the security of IoT devices. F-Secure analysts noted that in 2018, 59% of attacks on open Telnet ports were related to the notorious botnet. It is also worth noting that there were 5 main families of IoT malware in 2017, and the following year that number doubled.
According to F-Secure, the core reason for the rise in the number of attacks is vulnerabilities in the supply chains of big manufacturers. This concerns microchips, cameras and other smart devices that big vendors receive from smaller contractors.