The Latest Symantec News
Product and Solution Information, Press Releases, Announcements
|Symantec Research Finds IoT Devices Increasingly Used to Carry out DDoS Attacks|
|Posted: Thu Sep 22, 2016 03:47:41 PM|
Targeted IoT Devices Include Home Networks, Routers, Modems, CCTV Systems and Industrial Control Systems
MOUNTAIN VIEW, Calif. – September 22, 2016 – Symantec Corp. (NASDAQ: SYMC), the global leader in cyber security, today revealed new research demonstrating how cybercriminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create zombie networks, or botnets, unbeknownst to their device owners.
Symantec's Security Response team has discovered that cybercriminals are hijacking home networks and everyday consumer connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, usually large companies. To succeed, they need cheap bandwidth and get it by stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security.
More than half of all IoT attacks originate from China and the U.S., based on the location of IP addresses to launch malware attacks. High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies used by attackers to hide their true location.
Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Many are Internet-accessible but, because of their operating system and processing power limitations, they may not include any advanced security features.
As attackers are now highly aware of insufficient IoT security, many pre-program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and often victims may not even know they have been infected.
Additional findings from Symantec’s research include:
Additional information on Symantec’s IoT research can be found at: