Ten Years After the First IoT Cyberattack: What Lessons Did We Learn?

Fiction has landed in the present. Both television series and movies have shown scenarios where humanity is immersed in technology, which is increasingly necessary to facilitate humans’ activities. These technology-plagued worlds can easily be associated with the so-called Internet of Things (IoT).

Although there are different definitions of IoT, it is generally understood as «smart devices». For example, refrigerators that can notify you when a product is finished or autonomous cars. But there are also smaller, less fancy objects, such as thermostats or coffee machines. These gadgets are integrated with electronics, software, sensors and Internet connectivity.

While these technologies bring countless benefits, like almost any technology they have also opened the door for cybercriminals to try to take advantage of them.

«As users’ interest in technologies and devices that connect to the Internet grows, so does the attack surface, with greater possibilities for cybercriminals to find or develop ways to attack systems or defraud users,» explains Miguel Angel Mendoza, Computer Security Researcher at ESET Latin America.

Smart devices can be exploited in different ways by attackers, for example, to obtain confidential information from users or companies, which can then be traded on the black market. However, this is not the only reason for developing computer threats focused on smart devices.

The first IoT cyberattack was reported in 2013 and affected more than 100,000 users. It was a botnet built to send mass emails, and it managed to send around 750,000 messages. The botnet exploited vulnerabilities in devices including home network routers, Internet-connected media centers, smart TVs and even a refrigerator.

At the end of 2016, massive IoT attacks occurred because of the number of unprotected digital devices connected to the Internet, such as home routers and surveillance cameras. Attackers infected thousands of them with malicious code to form a botnet called Mirai, used to carry out Denial of Service (DoS) attacks.

Although it was not a sophisticated means of attack, its impact lay in the number of compromised devices, which received malicious instructions to make requests to servers and Web sites of several companies, managing to overwhelm them and take them offline due to the number of requests received simultaneously.

Learning from the first cyberattack

Nearly 10 years after that incipient IoT attack, it remains evident that cybercriminals are intensifying their methods of compromising smart devices and Internet connections.

«These types of attacks continue to occur today, largely because the devices are not adequately protected. For example, many of these devices are never configured prior to use, which means that they use default and factory passwords, or use passwords that are easy for attackers to guess; another weakness is associated with the lack of updates, which leads to the possible exploitation of vulnerabilities,» Mendoza explains.

In 2021, other botnets gained prominence and kept spreading even though their operators were arrested. Such is the case of the Mozi botnet, which peaked in 2021 and is gradually losing notoriety.

However, other threat actors are targeting IoT devices, some using older malware and vulnerabilities, while others are trying to exploit recently reported flaws. The former is well illustrated by the detected activity of a recent Mirai variant, while the Dark.IoT botnet is exploiting several 2021 flaws.

2022 is likely to bring competition between new malicious actors, along with known and recent flaws. ESET’s telemetry data in 2021 showed some conservative activity by cybercrime groups, but this can also be read as a reflection of practices and improvements in the security of new IoT devices, which make exploitation slower and more costly.