Cybersecurity and digital privacy multinational Kaspersky detected and blocked 221 695 cyberattacks on Internet of Things (IoT) devices in South Africa, 45 562 in Kenya and 30 089 in Nigeria in 2022.

The number of attacks on IoT devices has been increasing exponentially over the last few years, the firm says, adding that this is related both to the activity of criminal actors and to the increasing number of IoT devices that are in use.

In 2020, there were 42.4-million IoT devices in use in sub-Saharan Africa. By 2030, that number is expected to triple and reach 264-million.

Kaspersky warns that cybercriminals are intensifying their attacks by capitalising on weak security of IoT devices. IoT devices can collect and transfer data over a wireless network without human input. Cybercriminals use networks of infected smart devices to conduct distribute denial of service, or DDoS, attacks or as a proxy for other types of malicious actions.

All of these IoT attacks were blocked on Kaspersky honeypots, which are decoy devices used to attract the attention of cybercriminals and analyse their activities.

Further, in the African region throughout 2022, there were more than 93 000 attempts to brute force logins and passwords to IoT devices using only the most popular combinations, but the total number of brute force attempts is even higher. A brute force attack uses trial-and-error to guess login and password info or encryption keys, with hackers working through all possible combinations to guess correctly, the cybersecurity company said.

Given the diversity of IoT devices and their related cybersecurity risks, the need for their protection is clear, especially when it comes to smart cities or critical infrastructure. Traditional measures are not sufficient for IoT protection, making it crucial that specialised security solutions be implemented.

“As the number of IoT devices grows and attacks intensify, cybercriminals use both advanced and simple tactics to infiltrate smart devices. One of these tactics is using simple password and login combinations.

"Our research showed that, on hundreds of thousands of IoT devices, the most common login and password combinations are admin-admin, guest-guest, or other variants that come as default on different kinds of equipment,” comments Kaspersky Industrial Control Systems Cyber Emergency Response Team security expert Vladimir Dashchenko.

“It is easy to change the default password. We, therefore, urge everyone to take this simple step towards securing your smart devices.

"Further, IoT vendors should consider implementing the next-generation cybersecurity approach in their products, such as devices that feature innate, built-in protection that would make them "cyberimmune". Such technology is available on the market, such as the Kaspersky IoT Secure Gateway system, which is designed to serve as a secure gateway for the IoT on an enterprise network,” he notes.

To keep IoT devices safe, Kaspersky recommends that users change the factory passwords at initial setup and use complex passwords of at least eight characters long, including upper and lowercase letters, numerals and special characters.

Companies should also use a strict access policy, network segmentation and a zero-trust model, which will help minimise the spread of an attack and protect the most sensitive parts of the infrastructure.

Further, users should install updates for firmware as soon as possible and, once a vulnerability is found, it can be fixed through patches within updates, the company says.

Companies should also consider using the IoT Security Maturity Model, which is an approach that helps companies evaluate all the steps and levels they need to pass to achieve a sufficient level of IoT protection, Kaspersky says.

“Companies should use a dedicated IoT gateway that ensures the built-in security and reliability of data transferring, while threat intelligence can block network connections originating from malicious network addresses detected by security researchers,” adds Dashchenko.