Cyxtera: IoT Devices Under Constant, Widespread Attack
IoT devices are under constant attack, with more than 150 million connection attempts to more than 4,600 distinct IP addresses over 15 months.
That’s according to new research by Cyxtera threat researcher Martin Ochoa and researchers from the Singapore University of Technology and Design. The report reveals the detection of new attacks on IoT devices, especially those leveraging zero-day vulnerabilities for specific devices.
Jason Garbis, Cyxtera’s vice president of product, tells us MSSPs need to take a “hard look” at whether they are protecting the “huge” number of nontraditional devices for their clients. The velocity of attacks is “stunning,” he said.
“If not, they have a big gap that puts both them and their customers at risk, and it will be exploited sooner rather than later,” he said. “This research reinforces the need for MSSPs and security providers to help customers get a handle on IoT security risk, and recommend solutions that integrate with the rest of their security architecture. Organizations must assess the impact IoT devices have in their environment, harden defenses and develop a strategy to manage risk.”
Some 64 percent of incoming connections seemed to originate in China, with another 14 percent from the United States. These were followed by the United Kingdom, Israel and Slovakia.
All IoT devices saw attempted logins immediately upon coming online, and the number of login attempts increased steadily over time, according to the research. Within days of new malware campaigns such as Mirai, Satori and Hakai going public, those malware families were being used to attack the IoT devices in the honeypot, a computer or computer system intended to mimic likely targets of cyberattacks.
In many cases, the increase in activity was identifiable in the days and weeks before the malware was publicly named.
IP cameras received the majority of connections in the honeypot, suggesting greater attacker interest in those IoT devices as compared to others such as printers and smart switches. Several recent, large-scale attacks on IoT devices have targeted IP cameras.
“IoT presents a universal security challenge for everyone,” Garbis said. “Devices like cameras, printers, cars, coffee pots and TVs are communicating over the internet. These devices were devised to be smart – not secure – which has created incredible risk. The opportunity for security providers is to provide customers with assessment services to address security gaps and recommend solutions, like microsegmentation, which can prevent unauthorized network access to devices. Enterprises must be able to enforce access control policies across users, servers and devices, including IoT, to reduce the attack surface.”
Cyxtera also announced new functionality for its Zero Trust offering, AppGate SDP, that extends the benefits of network microsegmentation and software-defined perimeter to connected IoT devices. The AppGate SDP IoT Connector enables enterprises to enforce consistent access control policies across users, servers and devices.
“The rapid adoption of IoT devices is outpacing the ability to secure them properly,” said Ricardo Villadiego, Cyxtera’s general manager of security and antifraud. “These devices are connected to the same network as users, servers and sensitive data, which creates risks for the network. AppGate SDP’s IoT Connector secures unmanaged devices, restricting lateral movement and reducing an organization’s attack surfaces.”