In 2023, more than 700 advertisements surfaced on the dark web offering Distributed Denial of Service (DDoS) attacks carried out via Internet of Things (IoT) devices.
These services are available at different price points, depending on factors such as the target's DDoS protection and verification measures. Prices range from $20 per day to $10,000 per month, with an average cost of approximately $63.50 per day or $1,350 per month.
The dark web also serves as a marketplace for exploits targeting zero-day vulnerabilities in IoT devices, along with bundled IoT malware that includes the necessary infrastructure and tools.
Within the realm of IoT malware, multiple strains exist, with many tracing their origins back to the notorious Mirai malware of 2016.
Competition among cybercriminals has driven the development of features designed to counteract rival malware. These tactics involve implementing firewall rules, deactivating remote device management, and terminating processes associated with competing malware.
The predominant method of infecting IoT devices remains brute-force attacks on weak passwords, followed closely by exploiting vulnerabilities in network services. Brute-force attacks, primarily aimed at the unencrypted Telnet protocol, enable hackers to gain unauthorized access by guessing passwords, thus allowing them to issue commands and deploy malware.
In the first half of 2023, nearly 98% of password brute-force attempts were focused on Telnet, with only 2% targeting SSH. The majority of these attacks were associated with China, India, and the United States, with China, Pakistan, and Russia being the most active offenders.
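The following Python example is added here for illustration and is not taken from the report: it shows how a defender could compute the same Telnet-versus-SSH split from their own honeypot or gateway logs and flag sources whose password guessing ended in a successful login. The key=value log format, the field names, the sample lines and the threshold of 4 failures in 60 seconds are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key=value honeypot log format.
SAMPLE_LOG = """\
2023-05-01T10:00:00 proto=telnet src=203.0.113.5 user=root result=fail
2023-05-01T10:00:02 proto=telnet src=203.0.113.5 user=admin result=fail
2023-05-01T10:00:04 proto=telnet src=203.0.113.5 user=support result=fail
2023-05-01T10:00:05 proto=telnet src=203.0.113.5 user=root result=fail
2023-05-01T10:00:07 proto=telnet src=203.0.113.5 user=root result=ok
2023-05-01T10:03:00 proto=ssh src=198.51.100.7 user=pi result=fail
2023-05-01T11:30:00 proto=telnet src=192.0.2.44 user=admin result=fail
2023-05-01T12:45:00 proto=telnet src=192.0.2.44 user=admin result=ok
"""

def parse_events(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        stamp, _, rest = line.strip().partition(" ")
        fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        try:
            fields["time"] = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if {"proto", "src", "result"} <= fields.keys():
            yield fields

def protocol_share(events):
    """Percentage of failed logins per protocol."""
    fails = Counter(e["proto"] for e in events if e["result"] == "fail")
    total = sum(fails.values())
    return {p: round(100 * n / total, 1) for p, n in fails.items()} if total else {}

def brute_force_sources(events, threshold=4, window=timedelta(seconds=60)):
    """Map (src, proto) -> True if a login succeeded after a burst of failures."""
    recent, flagged = defaultdict(list), {}
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["src"], e["proto"])
        if e["result"] == "fail":
            # Keep only failures inside the sliding window, then add this one.
            recent[key] = [t for t in recent[key] if e["time"] - t <= window] + [e["time"]]
            if len(recent[key]) >= threshold:
                flagged.setdefault(key, False)
        elif key in flagged:
            flagged[key] = True  # guessing worked: treat the device as compromised
    return flagged

EVENTS = list(parse_events(SAMPLE_LOG))
```

A flagged source mapped to `True` is the case to escalate first, since it indicates a guessed password rather than background scanning noise.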
Furthermore, IoT devices are susceptible to exploitation of vulnerabilities in the services they run. These attacks execute malicious commands by exploiting weaknesses in IoT web interfaces, potentially leading to severe consequences such as the spread of malware like Mirai.