In the Internet of Things (IoT) ecosystem today, cyberattacks are becoming more diverse and sophisticated with cybercriminals taking over home network routers to launch attacks on smart home devices.
Trend Micro’s recent report shows more than 1.8 million cyberattacks have been conducted through home network routers in the past six months. Eight percent of these attacks were outbound attacks where hackers were able to access a home device, then remotely execute malware to obtain confidential information such as passwords or intercept contents transmitted by the affected devices.
“As the value of infecting connected devices continues to rise, these attacks will become increasingly prevalent, particularly impacting the countries outlined in this report,” said Richard Ku, senior VP, commercial IoT Business & market development, Trend Micro. “Our research shows that the use of connected devices for Bitcoin mining has nearly doubled in just a few months. The increased use for malicious gains paired with the significant growth of the industry makes an ideal market for cybercriminals to exploit.”
Top ten affected countries
The United States, China and the United Kingdom were the three top countries affected by smart home attacks by cyber criminals. Below is a list of the top ten affected countries, which account for approximately seventy percent of globally detected incidents on smart homes by Trend Micro, further indicating that security issues of smart home devices are a global threat.
- United States: 28%
- China: 7%
- United Kingdom: 7%
- Hong Kong: 5%
- Canada: 5%
- Australia: 4%
- Sweden: 4%
- Netherlands: 4%
- Taiwan: 3%
- Russia: 3%
Inbound vs outbound attacks
Cybercriminals that attack home network systems classify the two main types of cyberattacks on home devices as inbound and outbound attacks. Desktops, laptops and IP cameras are the most common targets for inbound attacks, while DNS amplification attacks are the most common outbound attack. Nearly eighty percent of all attacks that occur on a home router are outbound attacks.
Trend Micro has found that the number of incidents where IoT devices are controlled by cybercriminals for Bitcoin mining has nearly doubled from February to June 2017. It is predicted that as the value of Bitcoin and Ethereum continues to rise, these type of related attacks will continue to become more prevalent.
Risks of smart home devices
According to the research, there are three major risks of smart home devices:
Long-term exposure to unprotected networks: Most smart home devices connect to external networks via routers, and many consumers tend to overlook the router’s security protection, which will allow hackers to exploit vulnerabilities of devices or home network and freely control all home connected devices. This further exposes all family members to serious risks of personal information leaks.
No change of default passwords: Devices used in smart homes such as routers and web cameras often share the same system so it can be conveniently managed. With this however, users leave their devices with default passwords, providing hackers easy access to these devices.
Low replacement rate of home devices plus infrequent firmware/software updates: Most home-connected devices, like PCs and smart TVs, the product life cycle is not short and will not be frequently replaced. The devices’ software system is seldom updated. Overlooking the firmware and system updates both contribute to the increase of cyber security threats.