Attacks on IoT devices are on the rise. According to Sonic Wall’s Cyber Threat Report for Mid-Year 2021, IoT attack volume in the first six months of 2021 rose 59% over the first six months of 2020. Firedome has collected the top 3 IoT attacks we saw in 2021:
- Verkada security camera attacks
Hackers attacked in March thousands of security cameras developed and managed by Verkada, by discovering a set of Verkada user credentials publicly exposed on the Internet. The hackers were able to hijack control of the cameras to launch future attacks and access video footage stored in the cloud. Verkada was not even aware of the breach until the video feed was posted to Twitter.
- Western Digital’s My Book Live attacks
Western Digital stopped supporting its storage device My Book Live in 2015. A remote command execution vulnerability surfaced in late 2018, but the bug was never fixed. Also, the code that required a valid user password before allowing a factory reset to be activated, was actively removed from the device. This way, hackers were able to wipe petabytes of user data from each device. Devices that are no longer supported are low hanging fruit for hackers!
- BotenaGo attacks
The BotenaGo malware harvested millions of IoT devices into its global botnet. It was discovered by researchers at AT&T, but unusual for botnets, they didn’t discover a connected malicious C2 server to which the malware could transmit all the data collected. Whatever the explanation is, and whatever the path of BotenaGo’s development will be, there is no doubt about the bad intentions of its authors.
You can read about these attacks in more detail at https://firedome.io/blog/top-cyber-attacks-on-iot-devices-in-2021/.
With the necessary prevention technologies in place like the ones to be developed by IoTAC such attacks could have been prevented.