Cyxtera Technologies, a global secure infrastructure company, has released new research which has revealed that IoT devices are continuously being attacked, particularly those leveraging zero-day vulnerabilities for certain devices.
The report, titled ‘Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots,’ underscores some key findings from the study that was jointly conducted by researchers from the Singapore University of Technology and Design and Cyxtera threat researcher Martin Ochoa. They found that more than 150 million connection attempts to 4,652 distinct IP addresses, among which some 64 percent of incoming connections originated in China and 14 percent from the U.S.; followed by the U.K. with nine percent, Israel with eight percent, and Slovakia with six percent.
Immediate attempted logins were witnessed by all IoT devices as soon as systems went online and the number of login attempts gradually increased over time. As soon as new malware campaigns like Mirai, Satori, and Hakai went public, these malware families were used to attack IoT devices from the honeypot. In most cases, there was a rise in activities that were recognized in the days and weeks before the malware was publicly named.
Since IoT devices have little to no built-in security features, they are often targeted devices by hackers. With the advent of IoT devices in homes and offices, hackers also developed more cunning ways to exploit them. Adopting security habits can prevent a variety of IoT attacks. Here are some precautions you should take to protect your IoT devices:
- Set passwords – Not many people know they can set passwords for IoT devices, making their gadgets easy to hack. You have to make sure to set new and strong passwords – preferably with a combination of upper- and lowercase letters, numbers, and symbols. It may be a pain to have to remember it, but if you use a password manager to keep up with your unique logins, it’s worth it in the long run.
- Disable Universal Plug and Play (UPnP) – UPnP helps IoT gadgets discover and connect to other network devices. But this feature also serves as a gateway for hackers to infiltrate your devices and network. To prevent this, disable this feature.
- Create a separate network – It’s a good idea to keep your IoT devices connected to their own network that’s separate from your main office network. This way, gadgets can connect to the internet but won’t have access to mission-critical feature. You can also invest in device access management tools. These allow you to control which devices can access what data, and prevent unauthorized access.
- Update your firmware – You need to keep your software up to date if you want to secure your devices against cyberattacks. Manufacturers are always releasing new patches for the latest vulnerabilities, so make it a habit to check and install IoT firmware updates regularly. If you have several devices, use patch management software to automate patch distribution and schedule regular updates.
- Unplug it – Simply disconnecting your device or turning them off when not in use can significantly reduce your vulnerability to cyberattacks. It removes potential entry points into your network and minimizes the change of unauthorized access to your network.
With the advent of IoT devices in homes and offices, hackers also developed more cunning ways to exploit them. Adopting the above mentioned security habits can prevent a variety of IoT attacks.