/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/09/CDTharcUgAEzAom.jpg)
Technology has definitely helped us reach the peaks of development, but at the same time, has left us exposed to the cyber-attacks. And cyber-criminals are taking complete advantage of the insufficient security.
Symantec Corp, the global leader in cyber security, revealed new research demonstrating how cybercriminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create zombie networks, or botnets, unbeknownst to their device owners.
The study noted that cyber criminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies.
In order to succeed, cyber criminals need cheap bandwidth. They get it by stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security.
Based on the location of IP addresses to launch malware attacks, more than half of all IoT attacks originate from China and the U.S.
The study also highlighted that high numbers of attacks are emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.
Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems.
Many attackers pre-program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and often victims may not even know they have been infected.
Other findings include:
1. IoT devices are a prime target since they are designed to be plugged in and forgotten after basic set-up.
2. The most common passwords IoT malware used to attempt to log into devices was, unsurprisingly, the combination of ‘root’ and ‘admin’, indicating that default passwords are never changed.