Mirai and its variants have demonstrated the ease and devastating effects of exploiting vulnerable Internet of Things (IoT) devices. In many cases, the exploitation vector is not sophisticated; rather, adversaries exploit misconfigured devices (e.g. unauthenticated protocol settings or weak/default passwords). Our work aims at unveiling the state of IoT devices along with an exploration of the current attack landscape. In this paper, we perform an Internet-level IPv4 scan to unveil 1.8 million misconfigured IoT devices that may be exploited to perform large-scale attacks. These results are filtered to exclude a total of 8,192 devices that we identify as honeypots during our scan. To study current attack trends, we deploy six state-of-art IoT honeypots for a period of 1 month. We gather a total of 200, 209 attacks and investigate how adversaries leverage misconfigured IoT devices. In particular, we study different attack types, including denial of service, multistage attacks and attacks from infected online hosts. Furthermore, we analyze data from a /8 network telescope covering a total of 81 billion requests towards IoT protocols (e.g. CoAP, UPnP). Combining knowledge from the aforementioned experiments, we identify 11, 118 IP addresses (that are part of the detected misconfigured IoT devices) that attacked our honeypot setup and the network telescope.
|Titel||IMC '21: Proceedings of the 21st ACM Internet Measurement Conference|
|Forlag||Association for Computing Machinery|
|Status||Udgivet - nov. 2021|
|Begivenhed||IMC '21: Proceedings of the 21st ACM Internet Measurement Conference - Virtuel event|
Varighed: 2 nov. 2021 → 4 nov. 2021
|Konference||IMC '21: Proceedings of the 21st ACM Internet Measurement Conference|
|Periode||02/11/2021 → 04/11/2021|