The evolution of IoT has changed what many of us may get in our stockings this Christmas. From Wi-Fi enabled kettles to dolls programmed with speech recognition technology, manufacturers across the globe are increasingly exploring ways to engineer digital functionality into devices to meet the needs of 21st century consumers. With great innovation comes an even greater responsibility to keep consumers safe, and recent research we've conducted shows global businesses could well be in the firing line as a result of hackers targeting Christmas gadgets.
The report, entitled 'DDoS's Newest Minions: IoT Devices,' was created using data from our partner Loryka and shows hackers are increasingly searching for products with network connectivity to manipulate for their own means. With one in three Brits set to give gifts leveraging the IoT technology for Christmas this year, the influx of smart products provides a welcome present for hackers. It also creates a major headache for manufacturers, which are under pressure to address these seasonal IoT vulnerabilities and safeguard people.
While the recent attack on internet service provider Dyn publicly marked a new type of cyber-offensive, hackers have been attempting to hijack devices using the IoT for some time. Most are increasingly scanning for devices that are linked to networks to see which of them use telnet (unencrypted) or SSH (encrypted) systems. To most, telnet and SSH are methods of accessing the deeper operating system of a connected device, but to cyber-criminals, they can be used to identify easily exploitable default passwords and install malware or other malicious software.
Our report shows the number of these telnet and SSH scans has increased by 140% year-on-year from July 2015, with the figure increasing significantly from May 2016 onwards, double the previous peak level from the 12-month period. This is indicative of the number of smart devices flooding the market, giving cyber-criminals a better chance of using everyday items using the internet to attack other entities.
The findings also indicate scan volumes by region and show that China is by far the leading source of telnet attack scans over the past 6 months, conducting more than the other 19 countries in the top 20 combined. Interestingly Fridays are the most popular day for conducting SSH attack scans.
As consumer devices become increasingly exploited by hackers, responsibility for cybersecurity must be spread across several stakeholders. With the everyday user looking for seamless, hassle-free products and experiences, they should be empowered with responsibility for their own security. To do this, manufacturers of smart products must provide consumers with simple, intuitive security management methods based on secure infrastructure.
With hackers' tactics evolving constantly, manufacturers must make security a priority as we enter a festive season. The context is ripe for hackers to take advantage of new connected Christmas experiences, but unfortunately others are waiting in the wings to seize information too. So be sure to remember that as the number of IoT devices in your home increase this Christmas - likely too will the cyber-threats.