Kaspersky have discovered some alarming news about the Internet of Things (IoT). It found that cybercriminals are causing trouble in the world of IoT. They predict that by 2030, there will be more than 29 billion IoT devices and these hackers have been up to no good. The research tells how bad guys work, what they do on the hidden parts of the internet and the nasty software they use.
The primary concern is the flourishing secret market found on the dark web, where they offer services related to IoT. What’s particularly alarming is that hackers have a strong desire to launch DDoS attacks using IoT botnets. In just the first half of 2023, Kaspersky’s Digital Footprint Intelligence service spotted over 700 ads promoting DDoS attack services on different hidden web platforms.
These shadowy services come at varying costs based on factors like DDoS protection, CAPTCHA and JavaScript verification on the target’s side. Prices span from a modest $20 per day to an astonishing $10,000 per month, with an average of $63.5 per day or $1350 per month. Simultaneously, the dark web marketplace provides resources for exploiting zero-day vulnerabilities in IoT devices, as well as packaged IoT malware complete with infrastructure and supporting tools.
The primary method cybercriminals use to infect IoT devices continues to be brute-forcing weak passwords followed by exploiting vulnerabilities in network services. Brute-force attacks on devices often target Telnet, a widely used unencrypted protocol. Hackers use this method to gain unauthorized access by cracking passwords, enabling them to execute malicious commands and deploy malware. Although SSH, a more secure protocol, is also susceptible. It poses a greater challenge for attackers in terms of resources.