New research from F5 Labs shows that Telnet brute force attacks against IoT devices rose a staggering 249% year over year (2016-2017) and were dominated by traffic originating from China.
Research from F5 Labs reveals 44% of attack traffic originates from China and IP addresses in Chinese networks. The most attacked countries were the US, Singapore, Spain, and Hungary. There was no standout country in relation to Thingbot attacks (meaning vulnerable IoT devices are dispersed across the globe): each of the top 10 countries suffered a small portion of total attacks, except for Spain, which endured 22% of all attacks in December.
Interestingly, in the last half of 2017, F5 Labs recorded a decrease in attack volume compared to the first half of the year (a 77% decline Q1-Q4). Nevertheless, attack levels were still greater than during the height of Mirai, which gained notoriety in September 2016 for commandeering hundreds of thousands of IoT devices, such as CCTV, routers, and DVRs.
The research highlights how cybercriminals are changing tactics with increasing speed and diversity. F5 Labs observed attackers using different methods to compromise IoT devices for at least a year – techniques that are easy from a technical standpoint and require a few more steps in the attack plan. These methods also affect fewer devices, because the attackers choose to target non-standard ports and protocols, specific manufacturers, device types, and models.
“It’s very likely that Thingbots have launched attacks we will never know about, and their creators are reaping the rewards,” comments Sara Boddy, Director, F5 Labs Threat Research. “Cryptocurrency mining is a good example of an IoT attack that would likely go undetected if it didn’t cause a noticeable impact, such as slow device performance. Businesses today must deploy critical application services for every app and any environment.”
With mass consumer adoption of IoT devices yet to be reached, if development standards remain unaltered, businesses across the globe will continue bringing insecure IoT devices into the market two to three times faster than the current flow, eventually leading to compromises at the same rate. In increasingly breach-conscious business environments, the case for extending security and related services to a wider range of enterprise applications is clear.
“App owners must be encouraged to better collaborate with NetOps, DevOps, and SecOps within an agile framework to significantly improve the performance, availability, and security of all applications,” continues Boddy. “F5’s software-based solution lets customers easily add ‘right-sized’ services tailored for individual applications, multiple cloud environments, and user demands. Our BIG-IP Cloud Edition solution helps users deploy Advanced Web Application Firewall™ policies to address sophisticated application threats in a consistent way across public and private clouds.”
To help businesses protect themselves, there are some simple steps which should be followed:
• Ensure redundancy for critical services in case service providers are targeted
• Mitigate stolen identity-related attacks with credential stuffing controls and multi-factor authentication
• Implement decryption inside the network to catch malicious traffic hiding in encrypted traffic, and ensure devices connecting to the network pass through information security event prevention and detection systems
• Conduct regular IoT device security audits, test IoT products before use, and ensure robust employee education programmes are in place