During the first half of 2019, cybercriminals increased the intensity of both IoT and SMB-related attacks according to a new report from F-Secure.
The firm’s “Attack Landscape H1 2019” report highlighted the threat unsecured IoT devices can pose to businesses and consumers as well as the continued popularity of Eternal Blue and similar exploits two years after the WannaCry ransomware was released on the world.
F-Secure uses decoy servers called honeypots to lure in attackers to collect information on their activities and this year its honeypots measured a twelvefold increase in IoT and SMB-related attacks compared to the same period a year ago. This increase was driven by traffic targeting the Telnet and UPnP protocols, which are used by IoT devices, as well as the SMB protocol, which is used by the Eternal family of exploits to spread ransomware and banking Trojans.
Telnet, UPnP and SMB traffic
The largest share of traffic during H1 2019 was led by Telnet with over 760m attack events logged or around 26 percent of traffic. UPnP was the next most frequent with 611m attacks followed by SSH, which is also used to target IoT devices, at 456m attacks.
IoT devices that have been infected with malware such as Mirai are likely sources of this traffic as Mirai was the most common malware family observed by F-Secure’s honeypots. Mirai targets and infects routers, security cameras and other IoT devices which use factory default credentials.
F-Secure also found that traffic to SMB port 445 accounted for 556m attacks. The high level of SMB traffic indicates that the Eternal family of exploits, which were first used in 2017’s WannaCry ransomware outbreak, are still being used by cybercriminals looking to target millions of machines that have not yet been patched.
Principal researcher at F-Secure, Jarno Niemal provided further insight on the report’s findings, saying:
“Three years after Mirai first appeared, and two years after WannaCry, it shows that we still haven’t solved the problems leveraged in those outbreaks. The insecurity of the IoT, for one, is only getting more profound, with more and more devices cropping up all the time and then being co-opted into botnets. And the activity on SMB indicates there are still too many machines out there that remain unpatched.”