IoT devices are a popular target for cybercriminals. On the Darknet, these attacks are offered as a service. In particular, services for DDoS attacks carried out via IoT botnets are currently very popular.
Services for attacks on IoT devices are increasingly being offered on the dark web. Kaspersky security experts identified over 2023 advertisements for DDoS attack services in various darknet forums in the first half of 700.
DDoS attack services for $63,50
In particular, services for DDoS attacks that are carried out via IoT botnets are obviously very popular with cybercriminals. The costs for these services vary - depending on the existing DDoS protection, CAPTCHA or JavaScript verification. On the victim side, they cost anywhere from $20 per day to $10.000 per month. On average, such services are offered for $63,50 per day or $1.350 per month.
Exploits for zero-day vulnerabilities in IoT devices as well as IoT malware - including the corresponding infrastructure and supporting programs - also seem to be popular.
Many dangers for IoT devices
“We recommend that manufacturers make cybersecurity of consumer and industrial IoT devices a higher priority. Changing default passwords on IoT devices and consistently providing patches to fix vulnerabilities should also be mandatory. The IoT world is fraught with cyber threats, including DDoS attacks, ransomware, and security issues in both smart home and professional devices. Our analysis highlights the need for a responsible approach to IoT security; It’s up to manufacturers to improve product security and proactively protect users,” comments Yaroslav Shmelev, security expert at Kaspersky.
Kaspersky tips for protecting industrial and personal IoT devices
- Conduct regular security audits of operational technology (OT) systems to identify and remediate potential vulnerabilities.
- Leverage dedicated ICS solutions to monitor, analyze and detect network traffic to protect against attacks that threaten technological processes and critical business resources.
- Protect industrial endpoints as well as those in the office network. Kaspersky Industrial CyberSecurity includes specialized endpoint protection and network monitoring to identify suspicious and potentially malicious activity on the industrial network.
- Before implementing IoT solutions, carefully review the security status of a device. Devices that have cybersecurity certificates and products from manufacturers that pay close attention to information security should be preferred.
- For smart home devices, replace the default password with a strong, complex password. A reliable password manager, like Kaspersky Password Manager, helps create and store strong passwords.
- Serial numbers, IP addresses, and other sensitive information about smart devices should never be shared on social media.
- Stay informed about the latest information regarding discovered IoT vulnerabilities.
- Before purchasing, read reviews and research on the security of the devices and pay attention to how a manufacturer reacts to discovered security gaps. If problems reported by researchers are resolved quickly, that's a good sign
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/