Kaspersky prevents about 300,000 attacks on IoT devices in sub-Saharan Africa, provides safety tips for users

Avatar
Kaspersky prevents about 300,000 attacks on IoT devices in sub-Saharan Africa, provides safety tips for users

Kaspersky, the cybersecurity and anti-virus provider, has disclosed that it successfully blocked 45,562 cyberattacks on Internet of Things (IoT) devices in Kenya and 30,089 cyberattacks on IoT devices in Nigeria and 221,695 in South Africa.

These attacks were altered on Kaspersky honeypots – decoy devices utilized to lure the attention of cybercriminals and analyze their activities.

IoT devices are wearables, smart home appliances, smart city systems, self-driving cars, automated retail checkouts, and other smart devices for home and business use. These devices transmit and transfer data through a wireless network without third-party interference. Cybercriminals use networks of infected smart devices to conduct DDoS attacks or as a proxy for other types of malicious actions.

Kaspersky prevented more than 75,000 infiltration on IoT and gives protection tips to users
Kaspersky prevented more than 75,000 infiltrations on IoT devices in Kenya, Nigeria

Attacks on IoT devices have increased over the years. This is proportional to the activity of criminal actors and the increasing number of IoT devices in use. Open research in 2020 revealed that 42,4 million IoT devices were operating in Sub-Saharan Africa, which is expected to reach 264 million by 2030. Cybercriminals are intensifying their attacks regarding the weak security of IoT devices.

A brute force attack uses trial-and-error to guess login and password info or encryption keys, with hackers working through all possible combinations to guess correctly. In the African region throughout 2022, there were over 93,000 attempts to infiltrate logins and passwords to IoT devices using only the most recognized combinations (examples are provided in the table below); the total number of brute force attempts is even higher.

UsernamePasswordCount of brute force attempts
rootPon5215428
rootZte5213623
rootroot2174
rootsamsung1234
adminadmin2092
adminpassword997
nprocnproc19798
Examples of the most popular brute force login combinations for IoT devices in the African region:

According to Vladimir Dashchenko, a security expert at Kaspersky ICS CERT, “As the number of IoT devices grows and attacks intensify, cybercriminals use both advanced and simple tactics to infiltrate smart devices.

One of these tactics is using simple password and login combinations – our research showed that on hundreds of thousands of IoT devices the most common login-password combinations are admin-admin, guest-guest, or other variants that come as default on different kinds of equipment.

It is easy to change the default password, so we urge everyone to take this simple step towards securing your smart devices.”

He explained that IoT vendors should consider implementing the advanced generation cybersecurity approach in their products. That is, devices would feature innate, built-in protection that would make them Cyber Immune. Such technology is already available on the market, including offers from Kaspersky. An example of this offer is the Kaspersky IoT Secure Gateway system, designed to mediate a secured gateway for the “Internet of Things” on an enterprise network.

8.7% of African users experienced phishing attacks in 2022 - Kaspersky report
Kaspersky prevented more than 75,000 infiltrations on IoT devices in Kenya, Nigeria

Observing the different IoT devices and their related cybersecurity risks, the need for their protection is indisputable, especially the smart cities or critical infrastructure. Moreover, basic measures can not be considered substantial for IoT protection, so specialised security solutions must be implemented.

Read More; 8.7% of African users experienced phishing attacks in 2022 -Kaspersky report

Kaspersky’s safety recommendation to its users

Here are ways users can keep their devices secured.

  • Installation of updates for the firmware a customer uses as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
  • Periodical rebooting will hasten the elimination of already installed malware (although, in most cases, the risk of reinfection will remain).
  • Changing the factory passwords at initial setup, using complex passwords of at least 8 characters long, including upper and lower-case letters, numerals, and special characters.
  • Using a stable access policy, network segmentation and a zero-trust model. This will also help minimize the spread of infiltration and protect the most sensitive parts of the infrastructure.
  • Using the IoT Security Maturity Model – an approach that helps companies evaluate all steps and levels they need to achieve sufficient IoT protection.
  • Use a dedicated IoT gateway that ensures data transfer’s inbuilt security and reliability. For instance, Kaspersky IoT Secure Gateway is Cyber Immune, which means almost no attack can affect the gateway’s functions.
  • Use Kaspersky Threat Intelligence to block network connections originating from malicious network addresses detected by security researchers.

Read More; Luno names new CEO as it prepares for public listing and enlarging its investment base


Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!