Cybercriminals are increasingly targeting Internet of Things (IoT) devices, Kaspersky said in a new report, warning that there’s a “thriving underground economy on the dark web focused on IoT-related services.”
In the report published on Thursday, Sept. 21, Kaspersky highlighted how threat actors compromise IoT devices using brute-force attacks and malware. Cybercriminals also exploit vulnerabilities in network services. The report underlined the urgent need to improve the security of IoT devices.
One of the main reasons cybercriminals target IoT devices is to create DDoS (Distributed Denial of Service) botnets. “Of all IoT-related services offered on the dark web, DDoS attacks are worth examining first. Botnets made up of IoT devices and utilized for distributed DoS attacks have become more prevalent on dark web forums and are in high demand among hackers,” the report said.
In the first half of this year, Kaspersky analysts found more than 700 ads for DDoS attack services on dark web forums. These services were priced at about $20 per day to $10,000 per month, depending on various factors like “DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side.”
IoT Threats on the Dark Web
Security experts have since warned that the growing number of IoT devices in homes and public spaces presents a wider attack surface for cybercriminals to exploit.
Besides IoT-related services for DDoS attacks, Kaspersky researchers also found active listings for IoT hacking services, exploits for IoT vulnerabilities, and IoT malware on dark web marketplaces.
According to Kaspersky, inherent software vulnerabilities in IoT devices make them prime targets for cyberattacks. The attack methods for IoT infections “include brute-forcing weak passwords and exploiting vulnerabilities in network services.”
“Brute-force attacks are fairly common as Telnet and SSH services running on IoT devices typically use widely known default passwords,” the report said.
Besides targeting weak passwords, threat actors also exploit vulnerabilities by injecting malicious code into requests. The company said this method was considerably effective in cases such as a “vulnerability in the TR-064 protocol implementation,” which led to the rampant spread of the Mirai botnet.
“In addition, the dark web marketplace offers exploits for zero-day vulnerabilities in IoT devices, as well as IoT malware bundled with infrastructure and supporting utilities,” it added.
Kaspersky highlighted various types of IoT malware found on the dark web, including ransomware, crypto miners, DNS changers, proxy bots, and DDoS botnets. Some sellers even specify the type of IoT device they target.
The report also stressed the loss of personal privacy that follows IoT breaches, stating: “Attackers have shown interest in Web-connected video cameras, as evidenced in ads for buying and selling access to compromised IoT devices.”
There have been reports of private camera footage being shared on obscure websites. In July, NordVPN released a report about one such website called Insecam, which was broadcasting footage from over 1600 cameras without their owners’ knowledge or permission.
“An illustration of that is a recent incident involving a Moscow Oblast, Russia resident who found that private footage shot by a camera she had purchased on AliExpress to monitor her dog has somehow found its way onto some Chinese websites,” the report said.
Protecting Your IoT Devices
“IoT devices attract hackers for many reasons… most connected devices, including those in industrial environments, remain easy prey due to the use of default passwords and the presence of device vulnerabilities, some of which the vendors never get to fixing,” the report warned.
Kaspersky’s findings emphasize the importance of vendors improving the cybersecurity defenses of their products. This is especially crucial as the number of IoT devices is expected to exceed 29 billion by 2030.
To address these growing concerns in the U.S., the White House plans to create security labels for IoT devices to help consumers identify secure devices and encourage vendors to meet high security standards.
If you use IoT devices, we recommend updating the firmware regularly and using a secure password. You can use a trusted password manager like NordPass to generate and store passwords.
Where possible, enable two-factor authentication for your IoT devices to add an extra layer of security. Keep IoT devices on a separate network segment from primary devices, and before any purchase, research the manufacturer’s security track record. Using privacy tools like a VPN and antivirus can also go a long way to safeguard your IoT ecosystem.
