Brute-forcing doesn’t need much brute, or much force…
55% of passwords on Internet of Things devices are 123456, according to a study released by cybersecurity company Symantec.
Internet of Things (IoT) attacks are on this rise this year, as noted in its Threat Landscape Trends Report for the first quarter of 2020, which is worrying as they are typically spectacularly under-protected.
(Cybersecurity company Palo Alto has also reported that 98 percent of IoT device traffic is unencrypted…)
Read This! JIRA Tickets, Jabber Servers and… Gmail Accounts? FBI Papers Reveal Cyber Criminals’ IT Infrastructure
With everything from thermostats to speakers online, that is a huge amount of data up for grabs for anyone who can spare enough time to guess 123456.
Once taken over, the device will be used within a botnet to attack more devices. The highest number of attacks are emanating from the US at the moment, at 23 percent, closely followed by China, at 19 percent. This means that America and China are the two countries worst hit by IoT attacks.
Palo Alto’s March threat report went into further detail:
“We’re witnessing a shift away from attackers’ primary motivation of running botnets to conduct DDoS attacks via IoT devices, to malware spreading across the network via worm-like features, enabling attackers to run malicious code to conduct a large variety of new attacks”.
IoT attacks are not the only cyber threat on the rise in 2020.
Business Email Compromise (BEC) scams have resulted in £1.77 billion in losses for victims, Symantec found.
Almost 31,000 organisations have been targeted so far in 2020, making them the most damaging and effective type of cyber crime, at least according to the FBI, who cited BED scams as one of the top three cyber crimes with the highest reported losses, as stated in their 2019 Internet Crime Report.
Phishing attacks have also made a comeback. After a slump in 2019 they are back fighting fit in 2020, now accounting for one in every 4,200 emails, claims Symantec. This figure is startling as there are on average 306.4 billions emails sent each day in 2020.
The popularity of phishing attacks has been ascribed to the pandemic, as hackers have been trying to make the most out of the population’s panic, as well as home phishing kits, which allow novices to get much further than they normally would.
There were 7,836 websites compromised with formjacking code in Q1 2020, up from 7,663 the previous quarter.