Trend Micro reveals that IoT is a ‘hot topic’ in cybercriminal underground; shows monetization of IoT attacks is increasing

Cybersecurity company Trend Micro released on Tuesday new research detailing a fast-growing market for IoT attacks. Cybercriminals from around the world are actively discussing how to compromise connected devices, and how to leverage these devices for moneymaking schemes.

Trend Micro Research analyzed forums in the Russian, Portuguese, English, Arabic, and Spanish language-based underground markets to determine how cybercriminals are abusing and monetizing connected devices. Following analysis, Trend Micro can confidently say that, in general, IoT attacks are not made by professionals trying to subvert IoT infrastructure. Instead, they are made by typical old-time cybercriminals who have evolved into IoT attackers.

The results showed that the most advanced criminal markets are Russian- and Portuguese-speaking forums, in which financially driven attacks are most prominent. In these forums, cybercriminal activity is focused on selling access to compromised devices – mainly routers, webcams and printers – so they can be leveraged for attacks. 

There were also tutorials on the inner workings of commercial gas pumps, including programmable logic controllers (PLCs). PLCs are devices found in factories and other structures with industrial machinery that enable complex equipment to be managed remotely. Along with mere tutorials, Trend Micro saw tools for discovering and exploiting online devices, which were again mostly routers and webcams.

The most common way to monetize router infections is to set up botnets, which can later be used as a distributed network that provides services that can be offered to other criminals for a fee. Webcams, on the other hand, are usually monetized by selling access to their video streams. 

As expected, the price for stream access and buyer interest depend on where and what the camera is looking at. The most prized streams are bedrooms, massage parlors, warehouses, and payment desks at retail shops. These video streams are often categorized thematically and sold as subscriptions.

Another popular offering is either software for or tutorials on automating searches for specific devices on Shodan, which is a popular web search engine for finding online devices. 

The Russian cybercrime underground market is the most sophisticated out of all the underground communities, Trend Micro reveals. The money-driven criminals make up a market thriving with exploits for routers, customized firmware for smart meters, talks of hacking gas pumps, and router-based botnets for sale.

There is a variety of conversations taking place around devices, including less common platforms. Most of these talks have a monetization angle. In general, the Russian underground is a place for business where hacking and technical information are mere details.

The Russian underground is a dynamic place where all sorts of illegal and shady products are up for sale. Criminals often post advertisements looking for IoT botnet developers. In addition, other users ask for things they are ready to buy.

The Russian cybercrime underground markets have monetization schemes not only for router-based botnets but also for hacked cameras. Aside from these more common devices, forum members are also looking into hacking smart electricity meters. The Russian government has recently mandated that all electricity meters be replaced by online smart meters, which explains the proliferation of meter hacking. 

Of course, Russian hackers and criminals are already looking into modifying and selling customized firmware for these new devices. So far, there doesn’t seem to be a clear monetization plan for this beyond physically selling modified smart meters. These modified smart meters are marketed as a means to save on monthly residential bills for electricity, water, and gas.

In the future, hacking smart meters may offer criminals a new way of making money. Nowadays, attacking these devices is probably more akin to hacktivism than to professional money-driven attacks.

According to Trend Micro’s findings, most conversations and active monetization schemes are focused on consumer devices. However, discussions on how to discover and compromise connected industrial machinery are also occurring, especially PLCs used to control large-scale manufacturing equipment. The most likely business plan to monetize attacks against these industrial devices involves digital extortion attacks that threaten production downtime.

Additionally, the report predicts an increase in IoT attack toolkits targeting a broader range of consumer devices, such as virtual reality devices. The opportunities for attackers will also multiply as more devices are connected to the internet, driven by 5G implementations.

Trend Micro urges manufacturers to partner with IoT security experts to mitigate cyber-related risks from the design phase. End users and integrators should also gain visibility and control over connected devices to be aware of and curb their cyber risk.

“We’ve lifted the lid on the IoT threat landscape to find that cybercriminals are well on their way to creating a thriving marketplace for certain IoT-based attacks and services,” said Steve Quane, executive vice president of network defense and hybrid cloud security for Trend Micro. “Criminals follow the money – always. The IoT market will continue to grow, especially with landscape changes like 5G. While IoT attacks are still in their infancy, we also found criminals discussing how to leverage industrial equipment for the same gain. Enterprises must be ready to protect their Industry 4.0 environments.”

