report / Oct 08, 2016

DDoS's Newest Minions: IoT Devices (Volume 1)

by Justin Shattuck, Sara Boddy

The latest evolution of cyber weaponry is brought to you by the default passwords in Internet of Things (IoT) devices. That includes just about every conceivable modern electronic device—from home thermostats, lighting systems, refrigerators, cars, and water meters, to personal fitness devices, toasters, bicycle helmets, toys, and even shoes and clothing.

Today, the number of Internet-connected devices is estimated to be around 15 billion; bullish predictors are claiming that number will reach 20 billion by 2020. Because many users either don’t or can’t change the default passwords, these devices are being used by hackers as the latest minions in their armies of botnets. Why? Because they're ripe for the picking, and most attackers don’t possess the resources they need to generate enormous distributed denial-of-service (DDoS) attacks—at least, not without your help.

In this report, we look at the growth of IoT devices as DDoS attack tools, who is on the hunt for these devices, how they're using them, and which attack trends are emerging.

A sample from the Report: The top 20 countries hunting for IoT devices
 

Here are some high-level observations:

  • China, a major player in cyber-attacks, is unlikely to stop censoring the Internet in its own country or dial back its cyber opposition forces and nation-state espionage activities.
  • Global leaders like the US, Canada, and members of the EU will continue to be top monetary targets because they are strong financial sectors. As a result, a lot of today’s malware is targeted at the financial industry specifically, especially since the release of Zeus in 2011.
  • China, Russia, Ukraine, Brazil, and India will likely remain the top five countries from which DDoS attacks are launched.
  • China, followed by Russia, Romania, Brazil, and Vietnam, are the most likely countries where Command and Control (C&C) servers will be located.

To see the full version of this report, click "Download" below.

MODIFIED: Jul 06, 2017

Tags: , , ,
stay up to date

Get the latest application threat intelligence from F5 Labs.

There was an error signing up.
Thank you, your email address has been signed up.

Follow us on social media.