Export Compliance Daily is a Warren News publication.

Cybercriminals Piggybacking Off 'Lax' Security in Consumer IoT Gear, Says Report

Cybercriminals are taking advantage of “lax” IoT device security in home networks and consumer connected devices to spread malware and create “zombie” networks, or “botnets,” said a Symantec report Thursday. Cybercriminals are “hijacking” home networks and connected devices to help carry out distributed denial of service (DDoS) attacks on more profitable targets, typically large companies, by “stitching together a large web of consumer devices that are easy to infect because they lack sophisticated security,” said Symantec.

More than half of all IoT attacks originate from China and the U.S., based on the location of IP addresses used to launch malware attacks, it said. High numbers of attacks also are originating in Germany, the Netherlands, Russia, Ukraine and Vietnam, though attackers may use proxy IP addresses to hide their true location, it said. Most IoT malware targets non-PC embedded devices such as web servers, routers, modems, network attached storage devices, closed-circuit television systems, and industrial control systems, said Symantec.

Attackers are aware of insufficient IoT security, it said, and many program their malware with commonly used and default passwords, allowing them to easily hijack IoT devices. Poor security on many IoT devices makes them easy targets, and victims often don’t know they've been infected. Attackers tend to be less interested in the victim, hoping instead to hijack a device to add it to a botnet, most of which are used to perform DDoS attacks, it said. IoT devices are a prime target because they're designed to be plugged in and forgotten after basic set-up, Symantec said. The most common passwords IoT malware used to attempt to log into devices involved “root” and “admin,” an indication, said the company, “that default passwords are frequently never changed.”