IoT devices increasingly used in DDoS attacks, says Symantec research

MOUNTAIN VIEW, CA. Symantec has released new research revealing that cybercriminal networks are taking advantage of lax Internet of Things (IoT) device security to spread malware and create botnets for use in distributed denial of service (DDoS) attacks. According to the research, cybercriminals are hijacking home networks and connected consumer devices, stitching them together in large webs, and carrying out attacks on more profitable targets, such as large companies.

The research, based on 2015 data, shows that last year was a record year for IoT attacks, with most malware targeting non-PC embedded devices such as web servers, routers, modems, network attached storage (NAS) devices, closed-circuit television (CCTV) systems, and industrial control systems. Many are Internet-accessible but, because of their operating system and processing power limitations, do not include advanced security features.

Symantec found that many attackers pre-program malware with commonly used and default passwords, allowing them to easily hijack IoT devices. The most common password combination used by IoT malware in attempts to log into devices was the combination of ‘root’ and ‘admin,’ indicating that default passwords are infrequently changed. The research also indicates that more than half of all IoT attacks originate from China and the U.S. according to the location of IP addresses used to launch malware, though some may be proxies used to disguise hackers’ true locations.

Additional information on Symantec’s IoT research can be found at