Report points out that there has been a recent growth in attacks focused on these devices, especially in the fourth quarter of 2019
Trend Micro, a global cybersecurity benchmark, released a survey warning consumers of a new wave of attacks that seek to compromise home routers on their private networks for the use of Internet of Things (IoT) botnets. The report encourages users to take steps to prevent devices from allowing such criminal activity.
Botnets are networks of terminals that receive commands from hackers, ranging from computers and cell phones to IoT devices, for malicious purposes. There has been a recent growth in attacks focused on routers, especially in the fourth quarter of 2019. This research indicates that the increased abuse of these devices will continue, as attackers are able to easily monetize these infections in secondary attacks.
"With the majority of the population currently relying on home networks to do their jobs and studies, what is happening to their router has never been more important," says Jon Clay, director of global threat communications at Trend Micro. “Cybercriminals know that most home routers are not secure with standard credentials and have intensified attacks on a large scale. For the home user, this means hijacking their internet bandwidth and slowing down the network speed. And for companies targeting secondary attacks, these botnets can bring down a website, as we saw in previous high-profile attacks. ”
Trend Micro's research revealed an increase from October 2019 in crude log-in attempts against routers, where attackers use automated software to try common password combinations. The number of attempts has increased almost tenfold, from about 23 million in September to almost 249 million in December 2019. In March 2020, Trend Micro recorded nearly 194 million brute force logins.
IoT and botnet
Another indicator that shows the increase in the threat scale is the number of attempts by devices to open telnet sessions (network protocol on the Internet or local networks to provide a facility for communication) with other IoT devices. Since telnet is not encrypted, it is favored by attackers - or their botnets - as a way of searching for the user's credentials. At its peak in mid-March this year, some 16,000 devices attempted to open telnet sessions with other IoT devices in a single week.
This trend is worrying for several reasons. Cybercriminals are competing with each other to compromise as many routers as possible so that they can be turned into botnets. These are then sold on underground websites to launch Distributed Denial of Service (DDoS) attacks, or as a way to anonymize other attacks, such as click fraud, data theft and account acquisition.
As explained in the report, there is a thriving illegal market for botnet malware and botnets-for-hire. Although any IoT device can be compromised and transformed into a botnet, routers are of particular interest because they are easily accessible and directly connected to the internet.
Trend Micro makes the following recommendations for home users:
- Make sure to use a strong password. Change it from time to time
- Check that the router is running the latest firmware
- Check the logs to find behaviors that don't make sense to the network
- Only allow logins to the router from the local network
To access the full report, go to: http://www.trendmicro.com/vinfo/us/security/news/internet-of-things/caught-in-the-crossfire-defending-devices-from-battling-botnets
