Η Symantec reveals with a new survey, showing how networks κυβερνοεγκληματιών, εκμεταλλεύονται την ελαστικότητα της better safetyof devices Internet of Things (IoT), with the aim of spreading malware, but also the creation zombie networks ή botnets, unknowingly by their owners.
The specialized team Security Response of Symantec, discovered that cybercriminals are invading domestic networks as well as connected devices used by consumers everyday so that attacks can be carried out distributed denial of service (DDoS)towards more efficient targets, usually larger companies. To achieve their purpose they need cheap bandwidth and they achieve this by stitching together a wide range of consumer devices that are easy to infect, since they lack advanced security.
Note that over half of total attacks IoT, come from China and the USA. , based on locationof the addresses of the IPs which "show" the starting point of the attacks malware. Also, a large number of attacks come from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses are used through proxies, so the attackers hide their true location.
Most lethal attacks malware, target non-personal use devices such as servers, routers, modems, network storage devices (nose), closed circuit television sets (CCTV), as well as industrial control systems. Many of these systems may have access to Internet, but due to the operating system and limited processing power, they may not have advanced security features.
As the attackers are fully aware of the inadequate security of the IoT, many of them plan in advance the malware that they create, including in them commonly used passwords, that easily allow the invasion on these devices. The low level of security on many IoT devices makes them easy targets with victims usually not even knowing they are infected.
Additional findings from her research Symantec include the following:
- 2015 was a record year for the attacks IoT, with a variety of hypotheses in home automation devices and home security devices. However, attacks to date have shown that attackers tend to be less interested in the victim and the majority focus on this device in order to add it to one of botnets, most of which are used to perform attacks DDoS.
- The devices IoT is the primary objective, since they are designed to be linked and "forgotten" after the basic set-up.
- The most common passwords IoT malicioussoftware, are used to try to connect to devices and as expected, the combination is "root" and "admin", Indicating that default passwords often never change!
- Attacks from multiple platforms IoT we will see them more often in the future as the number of built - in devices connected to the Internet is constantly increasing.
More information about Symantec's IoT research can be found at: http://www.symantec.com/connect/blogs/iot-devices-being-increasingly-used-ddos-attacks