Symantec Research Finds IoT Devices Increasingly Used to Carry out DDoS Attacks
September 22 2016 - 5:00AM
Business Wire
Targeted IoT Devices Include Home Networks,
Routers, Modems, CCTV Systems and Industrial Control Systems
Symantec Corp. (NASDAQ:SYMC), the global leader in cyber
security, today revealed new research demonstrating how
cybercriminal networks are taking advantage of lax Internet of
Things (IoT) device security to spread malware and create zombie
networks, or botnets, unbeknownst to their device owners.
Symantec’s Security Response team has discovered that
cybercriminals are hijacking home networks and everyday consumer
connected devices to help carry out distributed denial of service
(DDoS) attacks on more profitable targets, usually large companies.
To succeed, they need cheap bandwidth and get it by stitching
together a large web of consumer devices that are easy to infect
because they lack sophisticated security.
More than half of all IoT attacks originate from China and the
U.S., based on the location of IP addresses to launch malware
attacks. High numbers of attacks are also emanating from Germany,
the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP
addresses may be proxies used by attackers to hide their true
location.
Most IoT malware targets non-PC embedded devices such as web
servers, routers, modems, network attached storage (NAS) devices,
closed-circuit television (CCTV) systems, and industrial control
systems. Many are Internet-accessible but, because of their
operating system and processing power limitations, they may not
include any advanced security features.
As attackers are now highly aware of insufficient IoT security,
many pre-program their malware with commonly used and default
passwords, allowing them to easily hijack IoT devices. Poor
security on many IoT devices makes them easy targets, and often
victims may not even know they have been infected.
Additional findings from Symantec’s research include:
- 2015 was a record year for IoT attacks,
with plenty of speculation about possible hijacking of home
automation and home security devices. However, attacks to date have
shown that attackers tend to be less interested in the victim and
the majority wish to hijack a device to add it to a botnet, most of
which are used to perform DDoS attacks.
- IoT devices are a prime target, since
they are designed to be plugged in and forgotten after basic
set-up.
- The most common passwords IoT malware
used to attempt to log into devices was, unsurprisingly, the
combination of ‘root’ and ‘admin’, indicating that default
passwords are frequently never changed.
- Attacks originating from multiple IoT
platforms simultaneously may be seen more often in the future, as
the amount of the embedded devices connected to the Internet
rises.
Additional information on Symantec’s IoT research can be found
at:
http://www.symantec.com/connect/blogs/iot-devices-being-increasingly-used-ddos-attacks
About Symantec
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber
security company, helps organizations, governments and people
secure their most important data wherever it lives. Organizations
across the world look to Symantec for strategic, integrated
solutions to defend against sophisticated attacks across endpoints,
cloud and infrastructure. Likewise, a global community of more than
50 million people and families rely on Symantec’s Norton suite of
products for protection at home and across all of their devices.
Symantec operates one of the world’s largest civilian cyber
intelligence networks, allowing it to see and protect against the
most advanced threats. For additional information, please
visit www.symantec.com or connect with us on Facebook,
Twitter, and LinkedIn.
View source
version on businesswire.com: http://www.businesswire.com/news/home/20160922005273/en/
Symantec CorporationJennifer Duffourg, +33 6 73 06 50 43Group PR
Manager, EMEA Corporate
Communicationsjennifer_duffourg@symantec.comorMatt Nagel,
650-527-8853PR Managermatt_nagel@symantec.com
Symantec (NASDAQ:SYMC)
Historical Stock Chart
From Aug 2024 to Sep 2024
Symantec (NASDAQ:SYMC)
Historical Stock Chart
From Sep 2023 to Sep 2024