Cyxtera Technologies, a secure infrastructure company, has released findings from its joint research effort with Singapore University of Technology and Design, showing that IoT devices are under constant attack – with more than 150 million connection attempts over
The report, titled ‘Detection of Threats to IoT Devices using Scalable VPN-forwarded Honeypots’, reveals the detection of new attacks on IoT devices, with a focus on those leveraging zero-day vulnerabilities for specific devices.
Report findings include:
- Researchers detected more than 150 million connection attempts to 4,642 distinct IP addresses.
- 64% of incoming connections appeared to originate in China, with another 14% from the United States. This was followed by the United Kingdom (9%), Israel (8%) and Slovakia (6%). Researchers noted, however, that it was difficult to definitively confirm where the traffic originated, because traffic can be re-routed through other locations, which is frequently done as an obfuscation technique.
- All IoT devices saw attempted logins immediately upon coming online and the number of login attempts increased steadily over time.
- Within days of new malware campaigns going public – such as Mirai, Satori, and Hakai – those malware families were being used to attack IoT devices in the honeypot. In many cases, the increase in activity was identifiable in the days and weeks before the malware was publicly named.
- 54% of connections received by the honeypot were via the Telnet port, while HTTP ports received almost all of the remaining connections.
- IP cameras received the majority of connections in the honeypot, suggesting greater attacker interest in those IoT devices as compared to others such as printers and smart switches. Several recent, large-scale attacks on IoT devices have targeted IP cameras.
“IoT devices are an attractive target for attackers, because they are often a security after-thought and it’s harder to keep them patched and up-to-date — if patches are even available at all,” says Alejandro Correa Bahnsen, Vice President of Data Science at Cyxtera. “The researchers involved in this project accurately detected several large-scale attacks targeting IoT devices and demonstrated the frequency and speed with which these devices are targeted. This approach can be replicated by other threat researchers to broaden our collective knowledge about these vulnerabilities.”
New AppGate IoT Connector extends power of software-defined perimeter
In tandem with the release of its research, Cyxtera also announced new functionality in its flagship Zero Trust solution, AppGate SDP, which promises to extend the benefits of network micro-segmentation and software-defined perimeter to connected IoT devices. The company says its AppGate SDP IoT Connector enables enterprises to enforce consistent access control policies across users, servers, and devices to protect today’s complex and distributed resources.
IoT devices are increasingly present in enterprise networks and are expected to grow even more with the advent of 5G networks. According to analyst firm IDC, worldwide technology spending on IoT is projected to reach $1.2 trillion in 2022. With the anticipated rise in IoT adoption, security issues must be addressed head-on to fully leverage the power of smart devices in a way that is safe and managed effectively.
“The rapid adoption of IoT devices is outpacing the ability to secure them properly,” says Ricardo Villadiego, General Manager, Security & Anti-Fraud at Cyxtera. “These devices are connected to the same network as users, servers, and sensitive data, which creates risks for the network. AppGate SDP’s IoT Connector secures unmanaged devices, restricting lateral movement and reducing an organisation’s