According to a new study by cybersecurity experts at F5 Networks, the vulnerability of IoT devices is such that it is becoming an increasingly difficult threat to control.
The latest F5 Labs cyber intelligence report highlights the "thingbots", these networks exclusively composed of IoT devices. Less protected, more difficult to correct and likely to become more numerous than traditional computers, IoT are becoming the preferred vector of attack of cybercriminals who are students.
According to F5 Labs, brute force attacks via the Telnet protocol for IoT devices increased by 249% between 2016 and 2017. The most active countries in this area are China, the United States and Russia. with 44% of the traffic attacks coming from China.
Alarmingly, the same IP addresses and attack networks have been reported by F5 Labs repeatedly over a two-year period, proving either that the malicious traffic goes unnoticed or is allowed.
The most attacked countries are the United States, Singapore, Spain and Hungary.
However, no particular country seems to be in the spotlight of the thingbots. Each of the 10 most targeted countries received only a small proportion of total attacks, with the exception of Spain, which recorded 22% of the December attacks.
In detail, these 10 most targeted countries have suffered a maximum of 44%, and at least 24%, total attacks. This means that vulnerable IoT devices are widely distributed across the globe, making the threat all the more diffuse and difficult to counter.
Surprisingly, F5 Labs noted in the second half of 2017 a decrease in the number of attacks compared to the first half (77% decrease between the first and fourth quarters). It was nevertheless higher than at the height of the Mirai attacks. For the record, Mirai is a malware that became known in September 2016 for the remote control of hundreds of thousands of IoT devices, such as surveillance cameras, routers and digital video recorders.
Based on the traffic volume observed from July to December 2017, F5 Labs estimates that many large-scale thingbots are being created. More worryingly, still according to GF5 Labs: the Mirai attacks had never reached their full potential but had just shown the way.
"IoT devices are not yet consumer products," says Sara Boddy, director of F5 Labs Threat Research. But that will come without a doubt ...
"If we do not change our development standards now, vulnerable IoT devices will be deployed two to three times faster than before, and will be hacked at the same rate. It is the assured chaos between the physical and the virtual worlds. "
Telnet: the end of a vein?
At the heart of the current attacks against IoT, Telnet is a protocol that has been regularly exploited by cybercriminals to cause havoc. F5 Labs, however, found a significant and rapid diversification of attack tactics, and consequently a decrease in the use of the Telnet protocol.
"For at least a year now, attackers have been using other methods of hacking IoT devices," says Sara Boddy. "These are simple methods from a technical point of view, which just require more steps in the plan of attack. They also affect fewer devices as they target non-standard ports and protocols, specific manufacturers, or device types or models in particular. "
For example, F5 Labs indicates that at least 46 million home routers are vulnerable to a remote control injection attack against the TR-069 and TR-064 custom remote management protocols. These protocols have been created to allow ISPs to manage routers deployed to customers' homes. They were exploited by the Annie thingbot, causing major breakdowns to customers of several leading telecom operators. Annie is one of five thingbots developed from different pieces of Mirai code (the others being Persirai, Satori, Masuta and Pure Masuta). Only Persirai and Satori tackle Telnet for the initial feat of the devices.
"It is very likely that thingbots have launched attacks that we will never know and that their authors reap the benefits. Cryptocurrency mining is a good example of an IoT attack that goes unnoticed if it does not have a visible impact on the consumer, such as slowing down the device's performance, "said Sara Boddy."
