That’s how much cyberattacks on IoT devices have increased in 2019. These machines aren’t the most secure conveniences in the world, but 300 percent is more than alarming.
This “unprecedented” acceleration of attacks on IoT devices got picked up by the security folks at F-Secure, who issued the warning. The company’s report “Attack Landscape H1 2019: IoT, SMB Traffic” measured more than 2.9 billion events. That’s almost a three-fold increase in attack traffic.
From Millions to Billions
F-Secure uses global decoy servers called “honeypots” disguised as regular hardware. The camouflage attracts “everyday attacks” or the ones that affect normal users daily. The company says that this is the first time the honeypots got attacked over a billion times. Researchers found a link between the increase in cyberattacks and the number of deployed IoT devices worldwide.
No surprise there.
Security experts have long warned about the vulnerabilities present in IoT devices. Some machines have old firmware or outdated architecture. It’s possible that manufacturers never bothered to install security patches in the first place. IT departments may not even be aware of specific devices piggybacking on the network, making it impossible to secure.
How These Attacks Happen
Introducing vulnerable IoT devices into homes and workplaces is risky and irresponsible. If you visit any of the large security software providers, many are already offering security options to protect IoT devices such as Android TV boxes. However, it’s a cat and mouse game between cybersecurity experts and cyber attackers, and the former always seems to be playing catch up.
Attacks can happen on the actual device, like a medical gadget containing valuable patient data – that’s a given. The scarier part is that attackers are using these devices as soft targets to gain access to more extensive networks. An attack on a vulnerable printer to access a secure system is devious and can cause tremendous damage.
What’s even more frightening is that this same playbook is being used by rogue nations and governments who have the resources. The most prominent players where the attack traffic originated from were Russia, China, Germany, and the U.S.
The top target of all these attacks is the U.S. and other European countries.
How to Protect Your IoT Devices from Cyber Attacks: Tips to Follow
With the growing number of threats to IoT devices, you need to start securing everything you own. Here are a few things you should do immediately to protect yourself from cyber attack:
- Retire old or outdated IoT devices that don’t receive security updates and patches anymore.
- Install the latest security patches to all your existing devices.
- Make sure that your devices are not using default credentials like “user” or “admin” and make sure to use strong passwords for each one.
- Ensure your home network is secure and protected with a strong password.
- Never reuse passwords and make it a habit to change them every three to six months.
- Never share your network password with other people.
- Ensure all IoT devices that can be lost or stolen have strong passwords and two-factor authentication (if available). Please turn on the option to wipe the device’s memory in case you can’t retrieve it.
- Install Ad-blocking software on your browser and enable tracking protection.
- Use anti-virus software, enable your firewall, and install a VPN.
- Never use free or open WIFI networks to access sensitive websites that need your login credentials, such as your email or bank. If you must, protect your connection with a VPN.
- Never click on links or open attachments from strangers or companies you’ve never heard of, regardless of the message. If you’re suspicious, Google the URL.
- Don’t give personal details to strangers over the phone.
- Never answer emails from unknown sources because you’re telling the hackers that your email is active.
- If you get an email asking you to verify your details, don’t answer it and call your bank or financial institution instead.
It’s important to note that the most attacked IoT protocols were Telnet (760 million events) and UPnP (611 million events). Because of the focused attacks on IoT devices, researchers found different versions of the malware “Mirai.” Mirai infects IoT devices still using default credentials and turns them into botnets for DDoS attacks.
The researchers also warned that 99.9% of traffic to their honeypots is automated, and attacks can come from anywhere. Your laptop, Android TV, or any infected IoT appliance can be a source.
You’ve been warned.