In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices and network routers has surged dramatically, reaching unprecedented levels.
According to recent data from F5 Labs, the total number of scanning events increased by 91% in 2024 compared to the previous year, with a staggering 8.7 million events recorded.
This sharp rise is attributed primarily to heightened reconnaissance activities aimed at identifying vulnerabilities within consumer-grade routers and IoT devices, which often possess easily exploitable security flaws.
The vulnerability landscape is particularly alarming, with specific attention drawn to CVE-2023-1389, a command injection vulnerability affecting TP-Link Archer AX21 routers.
This single vulnerability accounted for approximately one-third of all scanning attempts in 2024, underscoring the critical need for robust security measures in consumer networking equipment.
The data indicates that scanning for CVEs related to IoT devices constituted a significant portion of overall traffic, with 42% of the top six CVEs targeting these types of devices.
Analysis of the sources behind these scanning activities reveals that a majority originate from hosting providers rather than traditional botnets or residential proxies.
Notably, AS Number 209605, a hosting provider based in Lithuania, was responsible for nearly 20% of all detected traffic.
This trend suggests that many attackers are leveraging virtual machines and cloud services to conduct their reconnaissance efforts, making it imperative for organizations to monitor and mitigate threats emanating from these environments.
The implications for enterprises are significant. Many organizations may underestimate the risks posed by IoT devices integrated into their networks.
According to the F5 Labs report, security vulnerabilities in these devices can provide attackers with entry points into corporate infrastructures, particularly when remote workers utilize unsecured home routers.
As the threat landscape continues to evolve, organizations must prioritize comprehensive vulnerability assessments and implement stringent patch management practices.
Looking ahead, experts predict that scanning activities will persist at high levels throughout 2025, driven by the ongoing discovery of new vulnerabilities and the proliferation of IoT devices.
Organizations are advised to adopt proactive measures to safeguard their networks against these escalating threats.
Regular vulnerability scans should be conducted to identify potential weaknesses, particularly focusing on high-priority vulnerabilities that could be exploited by attackers.
In addition, employing web application firewalls (WAFs) and monitoring outbound traffic can help detect anomalous behaviors indicative of compromised devices participating in attacks.
As scanning attacks continue to rise, a vigilant and informed approach will be essential for mitigating risks associated with the expanding attack surface presented by IoT technologies and consumer routers.