Cybercriminals are building an “army of things” that is powered by the digital underground, according to Fortinet.
The security company's latest Global Threat Landscape Report covering Q4 2016 reveals the methods and strategies cybercriminals employed during the quarter in detail.
The report confirms that Internet of Things (IoT) devices are sought-after commodities for cybercriminals around the world. Adversaries are building their own armies of "things" and the ability to cheaply replicate attacks at incredible speed and scale is a core pillar of the modern cybercrime ecosystem.
In Q4 2016, the industry was reeling from the Yahoo data breach and Dyn DDoS attack. Before the quarter was halfway done, the records set by both events were not only broken, but doubled.
Meanwhile, IoT devices compromised by the Mirai botnet initiated multiple record-setting DDoS attacks. The release of Mirai’s source code increased botnet activity by 25 times within a week, with activity increasing by 125 times by year’s end.
IoT-related exploit activity for several device categories showed scans for vulnerable home routers and printers topped the list, but DVRs/NVRs briefly eclipsed routers as the thing of choice with a massive jump spanning 6+ orders of magnitude.
Unlike other parts of the world, vulnerabilities in home routers formed the majority of IoT-based attacks in Asia Pacific. Many home routers are manufactured and deployed in this region, resulting in attacks on them being centered here.
Mobile malware become a larger problem than before. Though it accounted for only 1.7% of the total malware volume, one in five organizations reporting malware encountered a mobile variant, nearly all was on Android.
Substantial regional differences were found in mobile malware attacks, with 36% coming from African organizations, 23% from Asia, 16% from North America, compared to only 8% in Europe. This data has implications for the trusted devices on corporate networks today.