Latest Cyber Threats Looming Over IoT Devices

IoT devices targeted by malware attacks

• In May 2020, Kaiji botnet was found using infected IoT devices to launch DDoS attacks and carry out more SSH brute-force attacks against other devices.
• In April 2020, Mozi malware was observed, which was developed by combining the code from Gafgyt, Mirai, and IoT Reaper malware. It could target unpatched IoT devices including home routers and DVRs to form a peer-to-peer (P2P) botnet.
• In February 2020, a self-spreading variant of the Lemon Duck malware targeted IoT devices embedded with Windows 7, targeting roughly 200 million devices worldwide.

Research reports

• According to the 2020 Unit 42 IoT Threat Report, a full 98 percent of all IoT device traffic is still unencrypted, exposing personal and confidential data on the network. 
• In October 2019, research by Northeastern University and Imperial College London indicated that 56% of US IoT devices and 83.8% of UK devices have been exposing information to third parties.

Other threats to IoT devices

• The attackers may leverage the common vulnerabilities affecting many IoT devices, like the SweynTooth vulnerability found in certain medical devices using Bluetooth Low Energy, or the Telnet backdoor vulnerabilities present in millions of IoT radio devices.
• In August 2019, the Russia-based cyber-espionage group, Fancy Bear, had compromised IoT devices to infiltrate corporate networks. This was done using the manufacturer's default passwords for some devices, while other devices were compromised by exploiting unpatched vulnerabilities.
• Besides these, intruders have been observed attempting a wide range of attack vectors like brute-force attacks, eavesdropping, etc, to target IoT devices.

How to stay safe