IOT devices are attacked within five minutes of being connected
The second half of 2018 saw a massive explosion in the 100Gbps- to 400Gbps-sized attacks, according to Nuno Ceitil, consulting systems engineer at Netscout.
During this period, a lot of groups were using very sophisticated and varied methods, either to cause damage or to create a diversion for data exfiltration, he noted.
Ceitil was speaking at ITWeb Security Summit 2019 last week, detailing the key findings of his company’s latest Threat Intelligence Report, dubbed ‘Dawn of the Terrorbit Era’.
The report, which is published every six months, analyses cyber threats globally, and looks at emerging trends. Netscout curates and analyses about 150 terabytes of Internet traffic a day, which equates to about 30% to 35% of the Internet on a daily basis, he indicated.
Explaining the reason behind the report’s title, Ceitil said it referred to the largest on-record denial-of-service attacks in the world: the 1Tb per second record was broken twice last year. It first happened in late February 2018, with multiple DDOS attacks exceeding or approaching the 1Tb per second traffic volume.
Ceitil said 2018 was a very big year in the cyber threat space, with the Netscout Threat Intelligence Report showing a huge jump in attacks in the second half of the year. “Worryingly, 2017 looked pretty quiet compared to the numbers we witnessed in 2018.
“Globally, there has been a 170% increase in terms of the attacks in the 100Gbps to 200Gbps range. Overall, we saw about a 26% year-on-year increase in attacks.”
IOT devices targeted
The proliferation of the Internet of things (IOT), with more devices carrying an IP stack, means attackers can launch "very nasty attacks" if they can get into these devices, said Ceitil.
Gartner predicts 14.2 billion connected devices will be in use this year. Furthermore, stats from Vodafone’s IOT Barometer 2019 found 34% of businesses now use IOT and 70% of these adopters have moved beyond the pilot stage.
Ceitil noted that brute-force attacks, where threat actors use various combinations of usernames and passwords again and again until they get in, remain the most common way of attacking IOT devices, adding that once plugged into the Internet, IOT devices are attacked within five minutes and targeted by specific exploits in 24 hours.
“More entrants into the IOT space facilitate worm-like propagation of malware and pose significant DDOS threat. APT (advanced persistent threat) actors leverage botnets and large-scale distribution for nefarious and destructive purposes.”
He also pointed out that crime syndicates seem to be going to business school because the report also indicated their business models are changing drastically.
Ceitil told delegates they tracked about 35 nation state groups, which include China, South Korea, Vietnam, Iran and Russia.
Netscout researchers are discovering more nation state groups and finding they are "honing their cyber state craft skills" and are increasingly focused, specifically targeting individuals or various specific verticals.