Symantec has published new research that indicates cybercriminals work to hijack home networks and consumer Internet of Things devices to launch distributed denial of service attacks against large companies.
The company said Thursday its security response team has found that cybercriminals gain cheap bandwidth through a web of consumer devices to spread malware and create zombie networks or botnets without the knowledge of device owners.
More than half of the attacks Symantec examined come from China and the U.S. based on the Internet Protocol addresses of perpetrators.
Symantec noted that high numbers of attacks also originate from Germany, the Netherlands, Russia, Ukraine and Vietnam although attackers may use proxies to hide their location.
Attackers spread most IoT malware through non-PC embedded devices such as web servers, routers, modems, network attached storage devices, closed-circuit television systems and industrial control systems, according to the research.
Symantec’s study also found cybercriminals pre-program malware with commonly used and default passwords such as the combination of ‘root’ and ‘admin’ which indicates default passwords are often left unchanged.
Attackers are less interested in device owners and most aim to hijack a device to add it to a botnet which are mostly used to carry out DDoS attacks, Symantec said.
The company added attacks from multiple IoT platforms simultaneously may occur more frequently in the future as the number of embedded devices connected to the internet increases.