IoT devices become tool for malware attacks, says Symantec

Cybercriminal networks are taking advantage of security shortcomings in Internet of Things (IoT) devices to spread malware and create zombie networks, or botnets, without the knowledge of their device owners, cyber security firm Symantec has found.

Symantec’s Security Response team discovered that cybercriminals are hijacking home networks and everyday consumer connected devices to help carry out Distributed Denial of Service (DDoS) attacks on more profitable targets, usually large companies.

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.

More than half of all IoT attacks originate from China and the US, based on the location of IP addresses to launch malware attacks.

High numbers of attacks are also emanating from Germany, the Netherlands, Russia, Ukraine and Vietnam.

According to the report, targeted IoT devices include home networks, routers, modems, CCTV systems and industrial control systems.

As attackers are now highly aware of insufficient IoT security, many pre-programme their malware with commonly used and default passwords, allowing them to easily hijack IoT devices since they are designed to be plugged in and forgotten after basic set-up, the company said in a statement.