Here’s some bad news for tech-savvy people and organisations that have zealously begun using Internet of Things (IoT) devices such as smart cameras but don’t care to protect them from hackers.

Hackers are not sweating to breaking into the systems. They are using primitive methods such as guessing passwords. Some victims are found to be using easy-to-guess passwords such as admin.

Top-10 victim countries

India has just entered the Top-10 list of countries with most attacks on IoT devices in the first half of 2019. That the country didn’t figure in the list in the same period last year shows how alarming the situation is.

Over 40 lakh attacks on IoT devices have been detected in the country, making it the seventh in the Top-10 list. China with 30 per cent of all attacks, Brazil with 19 per cent and Egypt with 12 per cent emerged as the top victims.

There is a huge spurt in smart devices such as routers and security cameras but people gives no attention to protect them from cyber intrusions, cyber security solutions company Kaspersky has said in its report, IoT: A Malware Story, capturing the outcome of attacks on honey pots in the first half of 2019.

“Our honeypots have detected 10.5 crore attacks on IoT devices from 276,000 unique IP addresses as against 12 million attacks originating from 69,000 IP addresses in the same period last year,” the report said.


Proliferation of IoT devices and lack of awareness on cyber security make this space a lucrative one for cyber criminals. The number of attacks on IoT devices crossed 10-crore mark in the first half of this year, which is nine times more than the number of attacks in the same period last year.

Honey pots (or decoy used by security experts to attract the hackers) have found interesting insights about the modus operandi of the hackers.

Good news,however is that attacks on IoT devices are usually not sophisticated. But users are generally are not aware of the subtle intrusions into their devices. The malware family behind 39 per cent of attacks — Mirai — is capable of using the weak links in the form of old or unpatched vulnerabilities.

Tapping on weak links in IoT networks, hackers have intensified their attacks to barge into IoT devicesto make money. After taking control, the hackers, then, will launch DDoS (Distributed Denial-of-Service) attacks.

Launching DDoS attacks, hackers deny the regular visitors or customers to a site, denying the service.

“This is much easier than most people think. The most common combinations by far are usually ‘support/support’, followed by ‘admin/admin’, ‘default/default’,”Dan Demeter, a researcher at Kaspersky Lab, said.

How to be safe

  • Install updates on devices.
  • Make it a point to pre-installed passwords.
  • Use complicated passwords
  • Reboot devices as soon as devices begin to act strangely.