The latest evolution of cyber weaponry is brought to you by the default passwords in Internet of Things (IoT) devices. That includes just about every conceivable modern electronic device—from home thermostats, lighting systems, refrigerators, cars, and water meters, to personal fitness devices, toasters, bicycle helmets, toys, and even shoes and clothing.
Today, the number of Internet-connected devices is estimated to be around 15 billion; bullish predictors are claiming that number will reach 20 billion by 2020. Because many users either don’t or can’t change the default passwords, these devices are being used by hackers as the latest minions in their armies of botnets. Why? Because they’re ripe for the picking, and most attackers don’t possess the resources they need to generate enormous distributed denial-of-service (DDoS) attacks—at least, not without your help.
In this report, we look at the growth of IoT devices as DDoS attack tools, who is on the hunt for these devices, how they're using them, and which attack trends are emerging.
Here are some high-level observations:
- China, a major player in cyber-attacks, is unlikely to stop censoring the Internet in its own country or dial back its cyber opposition forces and nation-state espionage activities.
- Global leaders like the US, Canada, and members of the EU will continue to be top monetary targets because they are strong financial sectors. As a result, a lot of today’s malware is targeted at the financial industry specifically, especially since the release of Zeus in 2011.
- China, Russia, Ukraine, Brazil, and India will likely remain the top five countries from which DDoS attacks are launched.
- China, followed by Russia, Romania, Brazil, and Vietnam, are the most likely countries where Command and Control (C&C) servers will be located.
To see the full version of this report, click "Download" below.