IoT Devices Under Constant Attack

Cyxtera research finds sustained attacks, mostly from China, are being conducted against IoT devices

‘Secure your IoT devices’ is the message from security specialist Cyxtera Technologies, after research found that IoT devices are now under constant attack.

The research was conducted jointly by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design.

They detected more than 150 million connection attempts to 4,642 distinct IP addresses of IoT devices. And it seems that most of the attacks are stemming from China.

IoT attacks

The findings of the research, “Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots,” make for grim reading for the IoT community.

“Attacks on Internet of Things (IoT) devices, exploiting inherent vulnerabilities, have intensified over the last few years,” warned the report. The researchers used honeypotted IoT devices, whose goal was to be “discovered and exploited by attacks on the Internet, thereby revealing unknown vulnerabilities.”

Over a couple of years, researchers detected more than 150 million connection attempts to 4,642 distinct IP addresses.

The vast majority of these “incoming connections” stemmed from China (64 percent), with 14 percent coming from the United States. The United Kingdom generated nine percent of these connections, Israel eight percent and Slovakia six percent.

And the researchers said that all of their honeypot IoT devices saw attempted logins immediately upon coming online, and the number of login attempts increased steadily over time.

And to make matters worse, within days of new malware campaigns going public, those malware families were used to attack the IoT devices in the honeypot.

The researchers found that 54 percent of connections received by the honeypot were via the Telnet port, while HTTP ports received almost all of the remaining connections.

And it seems that the attackers were mostly interested in IP cameras, with most of the attacks targeting those devices, but there were also a smaller number of attacks on other devices such as printers and smart switches.

“IoT devices are an attractive target for attackers, because they are often a security after-thought and it’s harder to keep them patched and up-to-date – if patches are even available at all,” said Alejandro Correa Bahnsen, VP of Data Science at Cyxtera.

“The researchers involved in this project accurately detected several large-scale attacks targeting IoT devices and demonstrated the frequency and speed with which these devices are targeted. This approach can be replicated by other threat researchers to broaden our collective knowledge about these vulnerabilities.”

Securing IoT

To help secure IoT devices, Cyxtera has added new functionality to its flagship Zero Trust solution, AppGate SDP.

Essentially, the new capabilities will extend “the benefits of network micro-segmentation and software-defined perimeter to connected IoT devices.”

“The AppGate SDP IoT Connector enables enterprises to enforce consistent access control policies across users, servers, and devices to protect today’s complex and distributed resources,” said the firm.

“The rapid adoption of IoT devices is outpacing the ability to secure them properly,” said Ricardo Villadiego, General Manager, Security & Anti-Fraud at Cyxtera. “These devices are connected to the same network as users, servers, and sensitive data, which creates risks for the network. AppGate SDP’s IoT Connector secures unmanaged devices, restricting lateral movement and reducing an organisation’s attack surfaces.”

Last year nine out of ten Silicon readers told us they were concerned about the security of the Internet of Things (IoT).
