IoT devices, says F5, have become "the cyberweapon delivery system of choice" for attackers building botnets - collections of Internet-connected devices that are infected and controlled by a common type of malware. Botnets can overwhelm systems with traffic with distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow an attacker access to the device and its connection.
According to the latest report, IoT attack activity grew 280% from the prior six-month period. This included "massive growth" due to the Mirai malware - which turns networked devices running Linux into remotely controlled bots that can then be used as part of a botnet - and subsequent attacks.
In addition, says the report, known botnets like Mirai and Persirai alone don't account for the level of attacking activity, suggesting other "thingbots" - botnets built exclusively from IoT devices - are being built that are still unidentified. These are likely "just ready and waiting to unleash their next round of attacks."
The top attacking country during the reporting period was found to be Spain, accounting for 83% of the attacks. Activity from the previous top attacking country - China - dropped significantly, contributing less than 1% to the total attack volume.
IoT devices - known for being used to launch DDoS attacks - are now, says F5, "also being used in vigilante thingbots to take out vulnerable IoT infrastructure before they are used in attacks and to host banking trojan infrastructure." Such devices are also subject to "hactivism" attacks - those used to promote a political or activist agenda - and are being targeted for cyber warfare attacks by nation states.
The report warns that IoT devices will continue to be "one of the most highly exploitable tools in attackers' cyber arsenals" over the short term, until manufacturers implement better security measures. In the meantime, it says, "every indication is that today's botnets, or 'thingbots,' will become the infrastructure for a future