Attacks using IoT devices and Windows SMB escalate in 2019

12.09.2019 09:44 am


Cyber criminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report, “Attack Landscape H1 2019”. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of EternalBlue and related exploits two years after WannaCry.

F-Secure's honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase in attack events compared to the same period a year ago. The increase was driven by traffic targeting the Telnet and UPnP protocols, which are used by IoT devices, as well as the SMB protocol, which is used by the Eternal family of exploits to propagate ransomware and banking Trojans.

Telnet traffic accounted for the largest share of traffic for the period, with over 760 million attack events logged, or around 26 percent of traffic. UPnP was the next most frequent, with 611 million attacks. SSH, which is also used to target IoT devices, had 456 million attacks. Likely sources of this traffic are IoT devices infected with malware such as Mirai, which was also the most common malware family seen by the honeypots. Mirai infects routers, security cameras, and other IoT devices that use factory default credentials.

Traffic to SMB port 445 accounted for 556 million attacks. The high level of SMB traffic is an indication that the Eternal family of exploits, the first of which was used in the devastating WannaCry ransomware outbreak of 2017, is still alive and well, trying to ravage millions of still-unpatched machines.

“Three years after Mirai first appeared, and two years after WannaCry, it shows that we still haven’t solved the problems leveraged in those outbreaks,” said F-Secure Principal Researcher Jarno Niemela. “The insecurity of the IoT, for one, is only getting more profound, with more and more devices cropping up all the time and then being co-opted into botnets. And the activity on SMB indicates there are still too many machines out there that remain unpatched.”
