Attacks against Internet of Things (IoT) devices and networks have been escalating throughout 2018 with 32.7 million IoT attacks having been detected during last year by SonicWall, while phishing saw a decrease in volume with most of the attacks being targeted.
While everyone wants to have their devices interconnected and connected to the Internet, many of the estimated 31 billion IoT devices that will be installed by 2020 according to Statista will also come with easy to abuse or no security controls.
This allows malicious actors to compromise and add them to large scale botnets they control by exploiting security flaws impacting them in great numbers or taking control of them using publicly available default credentials.
The fact that IoT manufacturers failed to implement proper security controls to protect this type of devices from remote attacks allowed the number of IoT attacks to increase during last year by 217.5% from the 10.3 million logged by SonicWall in 2017 according to its 2019 Cyber Threat Report.
The botnets tracked by SonicWall while amassing huge numbers of IoT devices during last year were mostly from the U.S., with "more than 46 percent of global botnets originated from U.S.-based IP addresses. The next closest was China at 13 percent."
Luckily, the DDoS and spam attacks that bad actors can use botnets for can be efficiently blocked using "content filter controls to block unwanted or malicious traffic from certain IPs, origin countries or domains about certain topics."
phishing, on the other hand, the most popular attack vector used by threat actors as the initial infection stage in malicious campaigns, saw a decrease in overall volume during 2018 but it became a lot more targeted.
More exactly, while phishing is almost a constant in malware attacks and companies and home users have become increasingly more aware of its dangers, the Email-based attacks have also grown in sophistication seeing that "instead of large, aimless campaigns, cybercriminals launch highly targeted attacks, such as Business Email Compromise (BEC)."
"In 2018, SonicWall recorded 26 million phishing attacks worldwide, a 4.1 percent drop from 2017. During that time, the average SonicWall customer faced 5,488 phishing attacks," says the 2019 Cyber Threat Report.
