Posted in:

Attack Thingbots ‘threaten Internet stability’ – report

New research from F5 Labs reveals IoT devices are now hackers’ No.1 attack vector of choice.

Internet of Things – IoT – devices are have become cyber criminals’ top attack target, and now surpass web and application services, and email servers as attack targets.

The fifth volume of F5 Labs’ Threat Analysis report ‘The Hunt for IoT’ reveals that 13 multi-purpose Thingbots – which can be co-opted by hackers to become part of a botnet of networked things – were discovered in the first half of 2018. Nine were discovered in 2016 and six in 2017.

Spain was the top country to come under attack during the last 18 months, and was subjected to 80% of all monitored IoT attack traffic between 1 January 2018 and 30 June 2018, F5 Labs reports. Other countries under consistent pressure included Russia, Hungary, the US and Singapore.

Most of the attacks between 1 January and 30 June originated in Brazil (18%). China was the second biggest attack source (15%), followed by Japan (9%), Poland (7%), the US (7%) and Iran (6%).

The most infected IoT devices, as determined by their participation in bots, were Small Office/Home Office (SOHO) routers, IP cameras, DVRs and CCTV security systems. Distributed Denial of Service (DDoS) remains the most utilised attack method. However, attackers in 2018 began to adapt Thingbots under their control to encompass additional tactics.

F5 Labs’ research discovered that cellular IoT gateways are just as vulnerable as wired and Wi-Fi-based IoT devices. As many as 62% of tested devices were vulnerable to remote access attacks exploiting weak vendor default credentials.

“IoT devices are multiplying at a rate that far outpaces global population growth. Increasingly, lax security control could endanger lives as, for example, cellular-connected IoT devices providing gateways to critical infrastructures are compromised,” says David Warburton, Senior EMEA Threat Research Evangelist at F5 Networks. “Organisations need to brace themselves for impact – IoT attack opportunities are virtually endless.”

Analyst Gartner estimates that the number IoT devices will surge to 20,4 billion by 2020, which represents a staggering 143% growth rate over three years.

More information: www.f5.com/labs