Most IoT hacks originate in Asia, honeypot data reveals

Most IoT attacks originate in Asia and seek to compromise specific types of unsecured IoT devices, such as video cameras, according to data collected in honeypots by researchers at IT consultancy Dimension Data, part of global telco NTT. 

The Dimension Data report, The Executive’s Guide to the NTT Security 2017 Global Threat Intelligence Report, analyses data from the networks of 10,000 clients across five continents, 3.5 trillion security logs, 6.2 billion attempted hacks and global honeypots and sandboxes located in over 100 different countries.

Honeypots shed light on attacks

Over a six-month period, security researchers used global honeypot sensors – specialized security tools that pose as ordinary IT systems in order to attract and identify hackers – to monitor IoT attacks.

They used the data collected in this way to investigate the geographic source of each IoT attack, and found that six out of ten attacks originate in Asia, with 21 percent from the EMEA region and 19 percent from the Americas. “Mirai distributed denial of service activity accounted for this significant amount of detections sourced from addresses within Asia,” states the report.

“The most likely reason for the high volume of attacks from Asia is that technology sourced from this region has historically been susceptible and that compromised infrastructure tends to be reused to perpetrate additional nefarious activities,” they add.

They also found that two-thirds (66 percent) of the attacks were attempting to discover specific IoT devices, such as particular models of video camera. Just 3 percent were seeking a web server or other type of server and 2 percent were attempting to attack a database. The remainder covered a variety of other targets.

Beyond DDoS

But while distributed denial-of-service attacks via IoT devices may be the most recognized kind of attack, they are not the only threats of which companies need to be aware, according to the report.

Compromised IoT devices, it says, can also be used for spying on individuals or organisations through IoT camera surveillance; obtaining personal information by intercepting data flowing through a device; manipulating operational technology [OT] devices to inflict physical damage; and launching internal or external attacks from the compromised IoT or OT device.

Companies must make security a primary consideration for all IoT and OT device purchases, say the researchers. “Favour devices that have robust built-in security capabilities,” they advise. “If none are available, look at traditional technologies that might be easier to secure.”

Another tip: authorise funding as needed to replace older IoT and OT devices that are no longer supported by vendors. “IoT devices will likely become increasingly difficult to manage. They should be centrally managed, configured and maintained to ensure that effective and appropriate risk and security measures can be implemented,” they write.

And, of course, companies need to ensure that managers know which IoT devices have been implemented and where. “A robust security programme must ensure that asset inventories exist and are maintained,” states the report.

Elsewhere in the report, the researchers consider cyber attacks of all kinds (not just those targeting the IoT) and find that attacks on the government sector doubled in 2016, rising to 14 percent from just 7 percent of all cyber security attacks in 2015. Attacks on the finance sector also rose dramatically, from just 3 percent in 2015 to 14 percent of all attacks last year. The manufacturing sector came in third place, accounting for 13 percent of attacks, while retail was in fourth place (11 percent).