Vietnam and Taiwan have the most infected IoT devices, according to Kaspersky Lab. A report released on the Lab's SecureList website details a number of findings on the state of global IoT security.
Denis Makrushin, security researcher and project manager at Kaspersky Lab, told SC that these two countries' position as mass producers of IP cameras and DVR systems is key: “As a result, the popularity of local manufacturers is high in those regions. At the same time, cyber-criminals are not picky in their search for victims, so we see what we see.”
Cyber-criminals are brutally practical and will commonly find the path of least resistance to achieve their goals. “The users of vulnerable IoT-devices are the source of DDoS-attacks using IoT-botnets,” Makrushin said. To this end, “manufacturers have to insert a cyber-security strategy during the development lifecycle to mitigate this threat.”
IoT botnet DDoS attacks, the report notes, reached new heights in 2016. Not only did hordes of new insecure IoT devices come into being – Gartner currently predicts there are six billion IoT devices on the planet – but cyber-attacks leveraged that insecurity like never before. The report adds, “Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cyber-criminals.”
Mirai malware, which recruited great armies of insecure devices into botnets, highlighted exactly this problem last year. Once Mirai infects a device, it scans for similar devices in its proximity and then attempts to guess their passwords from a small library of passwords commonly used on devices. Users rarely change their device passwords from the factory default, making Mirai's simple attack often very effective.
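Seen from the defender's side, the scan-then-guess behaviour described above leaves a recognisable trail in device login logs. The following is an added example, not code from the article or the Kaspersky report; the log format, field names, addresses and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical telnet auth-log format.
SAMPLE_LOG = """\
2017-06-19T10:00:01 login_failed src=198.51.100.7 dst=10.0.0.21 user=root
2017-06-19T10:00:02 login_failed src=198.51.100.7 dst=10.0.0.21 user=admin
2017-06-19T10:00:03 login_failed src=198.51.100.7 dst=10.0.0.22 user=root
2017-06-19T10:00:04 login_failed src=198.51.100.7 dst=10.0.0.22 user=admin
2017-06-19T10:00:05 login_ok src=198.51.100.7 dst=10.0.0.22 user=support
2017-06-19T10:00:06 login_failed src=198.51.100.7 dst=10.0.0.23 user=root
2017-06-19T10:02:10 login_failed src=10.0.0.5 dst=10.0.0.21 user=admin
2017-06-19T10:02:20 login_failed src=10.0.0.5 dst=10.0.0.21 user=admin
2017-06-19T10:02:30 login_ok src=10.0.0.5 dst=10.0.0.21 user=admin
"""

LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<event>login_failed|login_ok) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+)")

def parse(log):
    """Yield (timestamp, event, src, dst, user) for every well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["event"],
                   m["src"], m["dst"], m["user"])

def detect(log, window=timedelta(minutes=5), min_hosts=3, min_failures=2):
    """Report sources that sweep many devices, and devices where a guess worked."""
    recent = defaultdict(list)      # src -> [(ts, dst)] failures inside the window
    swept, guessed = defaultdict(set), defaultdict(set)
    for ts, event, src, dst, _user in sorted(parse(log)):
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        if event == "login_failed":
            recent[src].append((ts, dst))
            hosts = {d for _, d in recent[src]}
            if len(hosts) >= min_hosts:          # failures spread over many devices
                swept[src] |= hosts
        elif sum(d == dst for _, d in recent[src]) >= min_failures:
            guessed[src].add(dst)                # success right after repeated failures
    # Only sweeping sources are reported, so a user who mistypes a password
    # twice on a single device is not flagged.
    return {s: {"swept": sorted(swept[s]), "guessed": sorted(guessed[s])}
            for s in swept}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Devices listed under `guessed` are the ones to isolate and re-credential first, since a login succeeded there after repeated failures from a sweeping source.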
In a mere matter of months in 2016, Mirai botnets made and broke their own DDoS records several times with successive attacks on Brian Krebs, French hosting provider OVH and DNS provider Dyn. The Dyn attack caused outages at Reddit, GitHub and Twitter, among others.
2017 may yet prove an even more fruitful year for those looking to exploit IoT devices. In 2016, researchers detected over 3200 IoT malware samples; in 2017 they've already detected over 7200.
Vietnam and Taiwan topped the list as the two countries with the highest number of server IP addresses from which malware is downloaded to devices. Thailand and Hong Kong accounted for the highest number of downloads.