As “Smart” devices proliferate, hackers and other threat groups are increasingly drawn towards them. A new report suggests more than a billion IoT (Internet of Things) devices were attacked last year. The number of attacks is expected to grow substantially as everything from electrical outlets to lawnmowers is getting the “Smart” tag.
A meteoric rise in the use of IoT devices hasn’t gone unnoticed by organized hackers. A new report by SAM Seamless Network suggests one billion security-related attacks occurred in 2021. What’s concerning is that more than 900 million of those attacks were IoT-related.
About half of the attacks happened on home and micro-business networks. Some of the attacks included suspicious network traffic behavior. The most notable and common attacks involved DDoS, brute force attacks, phishing, and DPI policy-based attacks.
The most commonly attacked hardware were home routers. Small routers, particularly common in homes, coffee shops, and other non-industrial premises, are increasingly vulnerable to attacks, the report said. Other devices that were attacked, included Wi-Fi extenders and mesh internet routers, Internet Access Points (AP), NAS (Network Attached Storage), VoIP, internet-connected cameras, and other small but smart home devices.
The majority of successful attacks on the IoT devices were possible due to the weak security and poorly configured settings. The report indicates there’s a general lack of understanding about security and its importance in the IoT ecosystem, particularly among consumers or micro-businesses. Moreover, there is way more diversity in terms of operating systems and their versions. This leads to fragmentation, which makes it difficult to compile and deploy security updates. Oftentimes, IoT devices do not even receive regular security updates, if at all.
It is important to note that attackers are developing sophisticated botnets that crawl the internet, hunting for weak and vulnerable devices. Particularly, the Mirai and Mozi botnets have been targeting IoT devices and home routers since 2016. These web crawling malware continue to receive more powerful capabilities. They are also getting better at evading detection. The fact that IoT devices seldom receive unattended updates, makes them an even easier target.
The “2021 IoT Security Landscape” report from the SAM Seamless Network, was compiled after analyzing anonymized data from 132 million active IoT devices, and 730,000 secure networks.