Symantec Research Finds IoT Devices Increasingly Used to Carry out DDoS Attacks

Targeted IoT Devices Include Home Networks, Routers, Modems, CCTV
Systems and Industrial Control Systems

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Symantec Corp. (NASDAQ:SYMC), the global leader in cyber security, today
revealed new
demonstrating how cybercriminal networks are taking
advantage of lax Internet of Things (IoT) device security to spread
malware and create zombie networks, or botnets, unbeknownst to their
device owners.

Symantec’s Security Response team has discovered that cybercriminals are
hijacking home networks and everyday consumer connected devices to help
carry out distributed denial of service (DDoS) attacks on more
profitable targets, usually large companies. To succeed, they need cheap
bandwidth and get it by stitching together a large web of consumer
devices that are easy to infect because they lack sophisticated security.

More than half of all IoT attacks originate from China and the U.S.,
based on the location of IP addresses to launch malware attacks. High
numbers of attacks are also emanating from Germany, the Netherlands,
Russia, Ukraine and Vietnam. In some cases, IP addresses may be proxies
used by attackers to hide their true location.

Most IoT malware targets non-PC embedded devices such as web servers,
routers, modems, network attached storage (NAS) devices, closed-circuit
television (CCTV) systems, and industrial control systems. Many are
Internet-accessible but, because of their operating system and
processing power limitations, they may not include any advanced security

As attackers are now highly aware of insufficient IoT security, many
pre-program their malware with commonly used and default passwords,
allowing them to easily hijack IoT devices. Poor security on many IoT
devices makes them easy targets, and often victims may not even know
they have been infected.

Additional findings from Symantec’s research include:

  • 2015 was a record year for IoT attacks, with plenty of speculation
    about possible hijacking of home automation and home security devices.
    However, attacks to date have shown that attackers tend to be less
    interested in the victim and the majority wish to hijack a device to
    add it to a botnet, most of which are used to perform DDoS attacks.
  • IoT devices are a prime target, since they are designed to be plugged
    in and forgotten after basic set-up.
  • The most common passwords IoT malware used to attempt to log into
    devices was, unsurprisingly, the combination of ‘root’ and ‘admin’,
    indicating that default passwords are frequently never changed.
  • Attacks originating from multiple IoT platforms simultaneously may be
    seen more often in the future, as the amount of the embedded devices
    connected to the Internet rises.

Additional information on Symantec’s IoT research can be found at:

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security
company, helps organizations, governments and people secure their most
important data wherever it lives. Organizations across the world look to
Symantec for strategic, integrated solutions to defend against
sophisticated attacks across endpoints, cloud and infrastructure.
Likewise, a global community of more than 50 million people and families
rely on Symantec’s Norton suite of products for protection at home and
across all of their devices. Symantec operates one of the world’s
largest civilian cyber intelligence networks, allowing it to see and
protect against the most advanced threats. For additional information,
please visit or
connect with us on Facebook,
and LinkedIn.


Symantec Corporation
Jennifer Duffourg, +33 6 73 06 50 43
PR Manager, EMEA Corporate Communications
Nagel, 650-527-8853
PR Manager