DDoS (distributed denial of service) attacks launched from IoT botnets are in high demand among cybercriminals, according to security firm Kaspersky, which reports a “thriving underground economy on the dark web focused on IoT-related services.”
Kaspersky’s report was split between research findings and consumer advice. On the research side, the company said that brute-forcing weak passwords remains the dominant method of infecting IoT devices, ahead of exploiting vulnerabilities in exposed network services. Nearly 98% of the password brute-force attempts recorded in the first half of 2023 targeted Telnet, with the remainder aimed at SSH. SSH at least encrypts the session and supports key-based login, but against a device that still accepts a factory-default password the outcome over either protocol is the same.
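The Telnet-versus-SSH figure above is a count over honeypot login records. As an added example (not code from Kaspersky or from the report), the script below shows the kind of triage a defender runs over such records: it parses honeypot-style login lines, flags sources that exceed a failure threshold per protocol, computes the share of attempts per protocol, and reports successful logins that used a known factory-default credential. The log format, the `telnetd`/`sshd` service names, the `DEFAULT_CREDS` list and the threshold are all assumptions, and the sample lines are constructed, not captured data. Honeypots record attempted passwords deliberately; a production device should not.

```python
"""Triage honeypot-style Telnet/SSH login records for brute-force activity.

Added example; the log format, service names and credential list are
assumptions chosen for illustration, not taken from the Kaspersky report.
"""
import re
from collections import Counter

# Constructed sample log lines (not real captures). Addresses are from
# the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2023-03-01T10:00:01Z telnetd[412]: login failed user=root pass=root from=198.51.100.7
2023-03-01T10:00:02Z telnetd[412]: login failed user=admin pass=admin from=198.51.100.7
2023-03-01T10:00:02Z telnetd[412]: login failed user=root pass=vizxv from=198.51.100.7
2023-03-01T10:00:03Z telnetd[412]: login failed user=root pass=xc3511 from=198.51.100.7
2023-03-01T10:00:03Z telnetd[412]: login failed user=support pass=support from=198.51.100.7
2023-03-01T10:00:04Z telnetd[412]: login ok user=admin pass=1234 from=198.51.100.7
2023-03-01T10:00:09Z sshd[980]: login failed user=root pass=toor from=203.0.113.5
2023-03-01T10:00:10Z sshd[980]: login failed user=pi pass=raspberry from=203.0.113.5
2023-03-01T10:05:00Z sshd[980]: login ok user=ops pass=Correct-Horse-Battery from=192.0.2.10
"""

# Assumed line layout: "<timestamp> <service>[pid]: login <ok|failed> user=.. pass=.. from=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>telnetd|sshd)\[\d+\]: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) pass=(?P<pw>\S+) from=(?P<src>\S+)$"
)

# Assumed subset of factory credentials of the kind Mirai-family bots try.
DEFAULT_CREDS = {
    ("root", "root"), ("admin", "admin"), ("root", "vizxv"), ("root", "xc3511"),
    ("support", "support"), ("admin", "1234"), ("pi", "raspberry"),
}

THRESHOLD = 3  # failed logins from one source on one protocol before we call it brute force


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["protocol"] = "telnet" if ev["svc"] == "telnetd" else "ssh"
        events.append(ev)
    return events


def brute_force_sources(events, threshold=THRESHOLD):
    """Map (source address, protocol) -> failure count, for sources at or above the threshold."""
    failures = Counter()
    for ev in events:
        if ev["result"] == "failed":
            failures[(ev["src"], ev["protocol"])] += 1
    return {key: n for key, n in failures.items() if n >= threshold}


def protocol_share(events):
    """Fraction of failed login attempts per protocol (the metric behind the ~98% Telnet figure)."""
    counts = Counter(ev["protocol"] for ev in events if ev["result"] == "failed")
    total = sum(counts.values()) or 1
    return {proto: n / total for proto, n in counts.items()}


def compromised_with_defaults(events, threshold=THRESHOLD):
    """Successful logins with a known default credential from a source that was already brute-forcing."""
    attackers = brute_force_sources(events, threshold)
    hits = []
    for ev in events:
        if (ev["result"] == "ok"
                and (ev["user"], ev["pw"]) in DEFAULT_CREDS
                and (ev["src"], ev["protocol"]) in attackers):
            hits.append((ev["src"], ev["protocol"], ev["user"]))
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("brute-force sources:", brute_force_sources(evs))
    print("share of failed attempts by protocol:", protocol_share(evs))
    print("default-credential compromises:", compromised_with_defaults(evs))
```

On the constructed sample, one source hammers Telnet five times and then gets in with `admin`/`1234`, so it is reported as a compromise; the SSH source stops at two failures and stays below the threshold. In a real deployment the threshold and credential list would be tuned to the device population, and the successful-login check is the alert worth paging on.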
Over the same period, analysts at Kaspersky’s Digital Footprint Intelligence service found more than 700 advertisements for DDoS attack services on various dark web forums. They also found IoT malware sold bundled with infrastructure and supporting utilities, and services offering exploits for zero-day vulnerabilities in IoT devices.
The researchers confirmed what many readers will already have suspected: there is fierce competition among criminals operating new IoT malware strains, many of which start out as variants of Mirai, the best-known IoT botnet. According to Kaspersky, that competition has driven features aimed at locking rival malware out of an infected device, such as installing firewall rules, disabling remote device management, and killing processes belonging to competing malware. For defenders, those same behaviours are worth alerting on: a device that abruptly stops answering on its management ports, or that gains firewall rules nobody configured, may already be infected.
Yaroslav Shmelev, a security specialist at Kaspersky, said: “we believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities.” The company added: “Kaspersky’s report highlights the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and actively protect users.”
To protect both industrial and consumer IoT devices, the company offered a number of recommendations, including performing routine security audits of OT systems, deploying ICS (industrial control system) network traffic monitoring, analysis and detection, and protecting industrial and corporate endpoints alike.