F-Secure reports almost 3bn attacks against honeypot servers in first six months of 2019

Unbridled growth in the internet of things (IoT) market is driving a massive increase in malicious online traffic, according to new research from F-Secure.

The Finland-based security vendor detected 2.98 billion attacks against its network of honeypot servers in the first half of 2019. In the same period last year, there were just 231 million.

In the company's H1 2019 Attack Landscape Report, researchers attribute the growth to malware targeting unpatched IoT devices, as well as older Windows systems.

F-Secure told The Daily Swig that part of the increase in detected malicious traffic is due to the company using a bigger dataset and a larger number of honeypot servers.

Even so, the volume of attacks per individual sensor has increased, according to F-Secure researcher Jarno Niemela.

Some of this growth was predictable. The increase in IoT-related attacks is being driven by both the increase in IoT deployments and the fact that too many of these connected devices are either difficult to patch, or have no available updates at all.

“Attackers in general are breaking into everywhere they can, and currently IoT devices are [a] very easy target,” he said.

“Even if devices are low-power devices, they still can be used in mining cryptocurrencies, for example Monero. Additionally, the devices can be used as part of a denial-of-service botnet.”



Manufacturers remain slow to update IoT hardware, despite numerous warnings from the security industry. Both domestic and commercial IoT devices remain vulnerable, due to simple security flaws, such as relying on factory-set, default passwords.

“The device manufacturers do not have an incentive to [improve security],” Niemela commented.

“In a way they have not fully realised that they are producing devices that are essentially networked computers. In their opinion they are making security cameras, washing machines, or DVR video recorders, and for them, IoT is just another feature.”

Mirai image

Most of the IoT attacks traced by F-Secure appear to come from devices infected by variants of Mirai – the infamous malware strain that came to prominence as the platform behind high-profile DDoS attacks back in 2016.

As many as 2.1 billion honeypot hits were on TCP ports assigned to Telnet – an application protocol that F-Secure says is now rarely used outside of the IoT ecosystem.

The next most common attacks targeted port 445, according to F-Secure. This malign behaviour can be blamed on worms that spread using the Server Message Block (SMB) protocol, such as WannaCry.

Unpatched machines remain an attractive target for cybercriminals, even two years after the WannaCry ransomware attack paralyzed computer networks worldwide.

“Criminals are not really after causing any specific type of symptom,” said Niemela.

“What they want is money, and ransomware is a monetization method that works well enough for criminals to use that as their main method.”

F-Secure said that users need to take urgent steps to protect both IoT devices and older, more vulnerable Windows systems.

“Everyone who connects unprotected devices to the internet and does not set strong passwords and patch devices is in danger,” the researcher warned.

“No IoT device should be connected directly to the internet without being protected by a firewall. Device manufacturers could help things by fixing the security of devices that they are producing.”
