Mirai and SMB Attacks Dominate 1H 2019
Attacks on IoT devices using Mirai and its variants and raids against the Windows SMB protocol dominated the first half of 2019, according to new data from F-Secure.
The Finnish security vendor analyzed data from its global network of honeypots and found that the number of “attack events” in the first six months of 2019 was 12 times higher than in the same period in 2018.
The largest share, 760 million events, came via the Telnet protocol, followed by 611 million events on UPnP, both of which are used by connected devices.
The malware found in F-Secure’s honeypots was predominantly versions of Mirai, the infamous strain that searches for exposed IoT endpoints and then cracks open those protected only by default credentials.
SMB port 445 also featured strongly, with 556 million events. This indicates continued interest on the part of cyber-criminals in exploiting the protocol targeted by the WannaCry hackers. According to F-Secure, it remains popular due to the high number of unpatched servers around the world.
In fact, Kaspersky data from last November revealed that WannaCry hit almost 75,000 users in Q3 2018.
“Three years after Mirai first appeared, and two years after WannaCry, it shows that we still haven’t solved the problems leveraged in those outbreaks,” said F-Secure principal researcher Jarno Niemela.
“The insecurity of the IoT, for one, is only getting more profound, with more and more devices cropping up all the time and then being co-opted into botnets. And the activity on SMB indicates there are still too many machines out there that remain unpatched.”
The report also revealed a decline in crypto-jacking, which it suggested had been influenced by lower prices for digital currency and the shutting down of CoinHive earlier this year.
However, ransomware is once again a major threat. Interestingly, the most popular attack vector was RDP (31%), revealing that easily brute-forced passwords are a key security risk. The second most popular was email spam (23%), followed by compromised firmware/middleware.