An Analysis of the Exposure of Internet of Things Assets in China

Posted by deaguero at 2020-03-16


On September 20, 2016, the website of Brian Krebs, a well-known security journalist, was hit by a large-scale DDoS attack that peaked at 665 Gbps. Brian Krebs speculated that the attack was launched by the Mirai botnet. On September 20, 2016, the Mirai botnet broke the DDoS attack record in an attack against the French web host OVH, with the attack volume reaching 1.1 Tbps and the maximum reaching 1.5 Tbps. On October 21, 2016, the U.S. domain name service provider Dyn suffered a large-scale DDoS attack in which an important source of the attack was confirmed to be the Mirai botnet, and the East Coast of the United States suffered widespread network paralysis. On November 28, 2016, Deutsche Telekom suffered an outage, and the attack source was a new variant of the Mirai botnet. The Mirai botnet spread so widely because of security problems, such as weak passwords, in Internet of Things devices exposed to the Internet.

It is worth noting that a large part of the Internet of Things devices infected by the Mirai malicious code are directly exposed to the Internet. Understanding the exposure of Internet of Things assets across the whole Internet is therefore a very worthwhile research topic. A feasible research method is to find the relevant Internet of Things devices through a cyberspace search engine.

The exposure of an Internet of Things device to the Internet does not necessarily mean that the device has a problem, only that the device is at risk of being attacked or even abused. For example, suppose a device can be logged in to with a user name and password. If the user sets a strong password, the device does not carry the weak-password risk. However, once the device is exposed to the Internet, its attack surface increases. If a sudden security event (such as Heartbleed) reveals a vulnerability in one of the exposed services, the device is at risk of being compromised.

Because our resources are limited, it is difficult to guarantee coverage of all device categories, and for the categories that are included, it is also difficult to guarantee 100% accuracy of the data. In the analysis, however, we make the data as comprehensive and accurate as possible by comparing and analyzing the data from three search engines. In addition, our purpose is to show the necessity and urgency of Internet of Things security protection by presenting the exposure of Internet of Things devices on the Internet. From this point of view, a small amount of missing or noisy data does not affect the conclusions of the article.

This time we mainly analyze video monitoring devices, routers and printers in the Internet of Things. In the future, we will analyze the exposure of more devices and update the data in this paper.

If you need to know more, you can download: Exposure Analysis of Domestic Internet of Things Assets (March 2017)
