IoT cyberattacks have been on a rise, and recently the attacks have increased to a massive scale. According to Kaspersky, the first six months of this year alone have seen over 1.5 billion attacks on smart devices. The main motive behind targeting IoT devices is to steal data, mine for cryptocurrency, and/or develop botnets.
What has happened?
Kaspersky telemetry revealed that the first six months of this year have shown a 100% growth in cyberattacks aimed at IoT devices in comparison to earlier trends.
Attackers are still monetizing the work-from-home situation. They are attacking corporate resources by targeting home networks and in-home smart devices connected to these corporate resources.
Infected devices are used to steal personal or corporate information and mine cryptocurrencies. The infected devices are being added to a botnet to perform DDoS attacks.
Attackers are using weak passwords to infect IoT targets. Moreover, vulnerabilities are being discovered more often in smart devices.
According to the report, there is still a lack of incident readiness since personal devices are being used to access resources in corporate networks. It reduces endpoint visibility and expands the attack surface.
Recent threats on IoT devices
A set of vulnerabilities called BrakTooth has been disclosed, which affects Bluetooth stacks of billions of commonly used devices, including at least 11 vendors’ chipsets.
Just a week ago, a vulnerability was spotted in the Belledonne Communications’ Linphone SIP Protocol Stack. It is one of the first open-source applications that use SIP on Linux. It targeted Linphone and other SIP-based products, including popular VoIP mobile applications and IoT firmware.
In May, the Lemon Duck botnet was targeting IoT devices to exploit computer resources to mine cryptocurrencies. Moreover, it led to more systems being added to the botnet network.
IoT devices are now being used more widely than ever before and have become an essential part of daily operations. At the same time, increasing exploitation of smart devices has become a major concern, which could lead to access inside the corporate networks. Therefore, IoT users are recommended to avoid using default passwords and always update devices with the latest firmware.