Symantec Internet Security Report 2018: “5,200 IoT attacks per month”

It’s been more than two years since, in late 2016, the threat of cyber attacks that leveraged Internet of Things (IoT) devices moved from theoretical to actual. 2016, several distributed denial of service (DDoS) assaults each leveraged tens of thousands of poorly secured IoT devices to send crippling volumes of traffic to targeted web sites.

Although such massive attacks have remained rare, the sheer number of IoT-based attacks ramped up rapidly in 2017 and held roughly steady in 2018, according to the most recent iteration of Symantec’s annual Internet Security Threat Report (ISTR).

Throughout 2018, the Symantec honeypot averaged 5,200 IoT attacks per month. 75 per cent of all ‘honeypot’ attacks were caused by infected routers, connected cameras a distant second at 15.2% per cent

“Many devices are five years old or older,” says Candid Wueest, senior principal threat researcher with Symantec Security Response, “and they also don’t require other security processes such as the enforcement of password changes.”

The consequence of this particular failing is evident in Symantec’s ISTR analysis: The top password that attackers used to access IoT devices in 2018 was “123456,” which was used in one-quarter of all attacks.

In second place? No password at all, which accounted for 17 per cent of the 2018 attacks.

Ideally, manufacturers of new IoT devices will build better security into their products, but there are no guarantees. “We still see vendors who don’t understand security or don’t care,” Wueest, says. “Sometimes, it may be because their margins are so low that they have no incentive to increase their expenses by building more-secure products.”

• To read the full Symantec Expert Perspective please go to
• To read the full Symantec Internet Security Threat Report please go to