With IoT devices expected to reach tens of billions in the next few years, is it any wonder that cybercriminals are looking for ways to take advantage of this massive attack surface to generate illicit money?
A number of Trend Micro researchers from around the globe decided to look into this and launched a research project examining five different cybercriminal undergrounds (Russian, Portuguese, English, Arabic, and Spanish) to identify what conversations are occurring, what attacks and threats are being utilized, and why members of these undergrounds are using IoT. A detailed report can be downloaded here for those who want to read up on their findings.
I’d like to give you my three key takeaways from the research:
- Not all undergrounds are alike: The Russian underground has the most experienced membership and is the best at monetizing IoT attacks. The Portuguese underground is next, with the other three still very early in their abilities to monetize attacks. A lot of undergrounds include tutorials to help educate members on many different areas of IoT threats. We think this collaboration will improve their abilities quickly and turn this threat into a significant one in the near future.
- Monetization is mainly through botnets: Most of the money today is made through attacks perpetrated by already infected devices that have been turned into botnets. From DDoS to VPN Exit Nodes, malicious actors infect many devices and utilize the power of many to turn their limited computing power into a collective powerhouse. Other actors sell their services to peers who don’t have the knowledge or don’t have the resources to perpetrate an attack.
- Routers are a primary target: In our analysis, many of the attacks and threats being distributed within the undergrounds target routers, mainly consumer routers. Routers are a good target as they have access to many devices within the network behind them, which can then be used to launch attacks against others.
There is no doubt that IoT devices are being used more and more in attacks or as the target of an attack, and there is a lot of chatter within multiple undergrounds around the world to raise awareness and interest around this attack surface. Our report is intended to give information on what cybercriminals are doing now or will be doing with IoT in the future and show it is a global phenomenon.
Consumers and organizations should be aware that the devices they own are a likely target for attacks and, today, are most likely to be added to an existing botnet. Mirai is the dominant IoT threat today and will likely continue to be as malicious actors create variants of this malware.