New research conducted by NTT Security has highlighted how distributed denial-of-service attacks on IoT devices are a major cybersecurity threat for businesses.
The research collated information from NTT partners such as Dimension Data and 10,000 clients across five continents. Data from 3.5 trillion security logs, 6.2 billion attempted attacks, and global honeypots and sandboxes in over 100 countries were analysed.
Over a six-month period in 2016, these global honeypot sensors were used to monitor IoT attacks, with the security firm analysing the attack targets based on the credentials used.
The study found that 66 per cent of attacks were attempting to discover specific IoT devices, such as a particular model of video camera. Another three per cent were seeking a web or another type server, two per cent were attempting to attack a database, and the remaining 29 per cent covered a variety of other targets.
The impact in Australia
The NTT study has been analysed and summarised by Dimension Data in a report entitled the ‘Executive’s Guide to the NTT Security 2017 Global Threat Intelligence Report’.
Mark Thomas, group cybersecurity strategist at Dimension Data, told IoT Hub that although Australia’s involvement in perpetuating the Mirai botnet was minimal, DDoS attacks still originate from our shores, and impact Australian businesses.
“Statistically, the number of open and vulnerable IoT devices specifically within Australia was comparatively so small it hardly registered a blip,” he explained.
“However, we did observe that DoS/DDoS is the single largest attack type sourced within Australia, totalling 24 per cent, and is the second largest attack category we are targeted with, at 22 per cent.
“As more IoT technologies are deployed by business, we anticipate this will have huge ramifications for the state of cybersecurity and business in this region.”
The report flagged the finance sector (34 per cent), retail (27 per cent) business and professional services sector (20 per cent), and government (8 per cent) as those most targeted within the Australian market during the sample period, and Thomas expects those sectors to be particularly vulnerable as IoT technologies are adopted within them.
He added that while the domestic healthcare saw less than one per cent of cyber-attacks directed towards it, he expects that number to increase towards the global average of 17 per cent as digital transformation in that sector accelerates.
Where the attacks come from
According to NTT’s research, 60 per cent of the 2016 attacks originated from the Asian region, with 21 per cent from Europe, the Middle East and Africa (EMEA) and another 19 percent from the Americas. Mirai DDoS activity accounted for the lion’s share of detections sourced from Asian IP addresses.
Thomas said that Australian organisations tend to apply more robust security practices before deployment into the network, including validating security architectures, vulnerability assessments, and configuration hardening.
“We are seeing increased IoT adoption within our clients’ digital business but this tends to be more evenly balanced between growth required for innovation and competitive advantage, versus technology risk considerations,” he said.
He also said that many customers are still in IoT evaluation mode, waiting for technologies to mature, and that there are relatively fewer IoT startups in Australia compared to other regions like North America and Asia – all of which contribute to a lessened impact from IoT-driven attacks.
“There is a mixture of both direct and indirect threats, so we educate our clients to consider all threat vectors,” he said.
“Internet of Things technologies need to be considered as both a potential source and target of attack.”