A new report by cybersecurity firm Kaspersky has revealed a concerning rise in Distributed Denial of Service (DDoS) attacks offered on the dark web through Internet of Things (IoT) devices. According to the report, there has been a surge of over 700 advertisements for these services in the year 2023. These attacks are being sold at various prices, depending on the level of DDoS protection and verification required. The prices range from $20 per day to $10,000 per month, with an average cost of $63.50 per day or $1350 per month.
The dark web has become a hub for cybercriminals to trade in exploits targeting zero-day vulnerabilities in IoT devices. These vulnerabilities allow hackers to launch DDoS attacks and deploy malware on these devices. The report also highlights the existence of various strains of IoT malware, with many of them originating from the infamous Mirai malware that gained notoriety in 2016.
The competitive nature of cybercrime has led to the development of new features in these malware offerings to counter rival attacks. Some of these tactics include implementing firewall rules, turning off remote device management, and terminating processes associated with competing malware.
The most common method used to infect IoT devices is through brute-force attacks on weak passwords. These attacks involve hackers trying multiple combinations of passwords until they find the correct one, giving them unauthorized access to the device. Another common method is exploiting vulnerabilities in network services to gain access to the device. Brute-force attacks are predominantly aimed at the unencrypted Telnet protocol, allowing hackers to execute commands and deploy malware.
Kaspersky’s honeypots recorded that during the first half of 2023, nearly 98% of password brute-force attempts focused on Telnet, while only 2% targeted SSH. These attacks were primarily linked to China, India, and the United States, with China, Pakistan, and Russia being the most active culprits.
Furthermore, IoT devices face vulnerabilities from exploits in the services they use. Cybercriminals can execute malicious commands by targeting vulnerabilities in IoT web interfaces, leading to the spread of malware such as Mirai.
Yaroslav Shmelev, a security expert at Kaspersky, emphasized the importance of prioritizing cybersecurity for both consumer and industrial IoT devices. He urged vendors to enhance the security of their products from the beginning and take proactive measures to protect users.
“The IoT world is filled with cyber dangers, including DDoS attacks, ransomware, and security issues in both smart home and industrial devices,” said Shmelev. “Kaspersky’s report highlights the need for a responsible approach to IoT security, obliging vendors to enhance product security from the get-go and proactively protect users.”
In conclusion, the rise in DDoS attacks through IoT devices on the dark web is a concerning trend that underscores the need for robust cybersecurity measures. The report by Kaspersky highlights the various tactics used by cybercriminals, the vulnerabilities in IoT devices, and the geographical distribution of these attacks. It serves as a wake-up call for vendors to prioritize IoT security and take proactive steps to ensure the safety of their users.