March 26, 2019

Attacks on IoT Devices Tripled in 2018 – Non-Standard Ports Increasingly Targeted

Nearly 20 percent of malware now targeting non-standard ports

By CBR Staff Writer

In 2018 attacks on IoT devices more than tripled from 10.3 million to 32.7 million, according to an annual threat report from the network security company SonicWall.

The California-based firm also noted a rise in the number of fake ransomware attacks, which simply overwrite the Master Boot Record (MBR) and demand payment; no files are actually encrypted.

IoT devices are ripe to be pwned and sucked into botnets because users are not changing the security settings and are instead running the devices with their out-of-the-box defaults, the company notes.

(More than 46 percent of the botnets detected by SonicWall originated from US-based IP addresses. China accounted for only 13 percent of botnet attacks, while Russia and Brazil each accounted for seven percent.)

Fake Ransomware

The company has also been tracking and blocking a number of fake ransomware variants, it added, which overwrite the MBR and demand Monero payment.

“Although files can easily be restored by mounting the filesystem using a live operating system booted via a memory stick, most users will likely consider their files gone and perform a full reinstall. Interestingly, no contact information was provided to “restore” the files and there was no way of verifying if paying the $200 in Monero cryptocurrency would resolve the issue.”

These attacks have been spectacularly unsuccessful, it added. The wallet to which the attacker wanted money sent had received no transactions almost a year after it was first analysed. The attacker also made no effort to hide the functionality of the fake ransomware: “The malware was written in Delphi and is so straightforward that even a simple listing of strings in the binary instantly revealed its motive.”


Non-Standard Ports

SonicWall Capture Labs threat researchers also observed high volumes of non-standard port traffic used by malware, it added, recording a rise in both HTTP and HTTPS traffic through ports other than 80 and 443, as well as FTP traffic on ports other than 20, 21 and 22. (A ‘non-standard’ port means a service running on a port other than its default assignment, usually as defined by the IANA port numbers registry. Ports 80 and 443 are standard ports for web traffic, so they are where most firewalls focus their protection.)

Based on a sampling of more than 700 million malware attacks, SonicWall found that an average of 19.2 percent of all malware attacks came across non-standard ports in 2018, an 8.7 percent year-over-year increase.

“Organizations aren’t protecting this attack vector with the same diligence as standard ports. Because there are so many to monitor, traditional proxy-based firewalls can’t mitigate attacks over non-standard ports (for both encrypted and non-encrypted traffic).”
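To make the non-standard port point concrete, the added example below (not from SonicWall or the article) identifies HTTP and TLS by the first bytes of a flow instead of by port number, then reports flows where that protocol runs on a port other than 80 or 443. The flow records, addresses and function names are constructed for illustration, and the check covers only the HTTP/HTTPS case.

```python
import re

# Default ports for web traffic, as given in the article.
STANDARD_PORTS = {"http": {80}, "tls": {443}}

HTTP_REQUEST = re.compile(
    rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH|CONNECT) \S+ HTTP/1\.[01]\r\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3} ")


def identify(payload: bytes):
    """Guess the application protocol from the first bytes of a flow."""
    if HTTP_REQUEST.match(payload) or HTTP_RESPONSE.match(payload):
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return None  # unknown: no claim is made about this flow


def non_standard(flows):
    """Return (dst, dport, protocol) for web protocols seen off their default port."""
    findings = []
    for flow in flows:
        proto = identify(flow["payload"])
        if proto and flow["dport"] not in STANDARD_PORTS[proto]:
            findings.append((flow["dst"], flow["dport"], proto))
    return findings


# Constructed sample flows (documentation-range addresses, truncated payloads).
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
SAMPLE_FLOWS = [
    {"dst": "192.0.2.10", "dport": 80,
     "payload": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"dst": "192.0.2.20", "dport": 8081,
     "payload": b"POST /update HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"dst": "192.0.2.30", "dport": 443, "payload": TLS_HELLO},
    {"dst": "192.0.2.40", "dport": 4443, "payload": TLS_HELLO},
    {"dst": "192.0.2.50", "dport": 53, "payload": b"\x12\x34\x01\x00\x00\x01"},
]

if __name__ == "__main__":
    for dst, dport, proto in non_standard(SAMPLE_FLOWS):
        print(f"{proto} on non-standard port {dport} -> {dst}")
```

A port-keyed rule set would inspect only the first and third sample flows; classifying by content is what surfaces the flows on 8081 and 4443.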
