According to the Kaspersky Lab IoT report, in the first half of 2018, IoT devices were attacked with more than 120,000 modifications of malware.
According to the Kaspersky Lab IoT report, in the first half of 2018, IoT devices were attacked with more than 120,000 modifications of malware. That’s more than triple the amount of IoT malware seen in the whole of 2017. Kaspersky Lab warns that the snowballing growth of malware families for smart devices is a continuation of a dangerous trend: 2017 also saw the number of smart device malware modifications rise to 10 times the amount seen in 2016.
The market for IoT devices (also known as “smart” gadgets), and their role in everyday life, is growing exponentially. But cybercriminals are seeing the financial opportunities too, and are multiplying and differentiating their attacks as a result. The danger for consumers who love their IoT gadgets is that threats can strike unexpectedly, turning seemingly harmless devices into powerful machines for illegal activity. This can include malicious cryptocurrency mining, DDoS attacks, or the discreet inclusion of devices in botnet activities.
Aware of these dangers, Kaspersky Lab experts regularly review the data collected from various sources, including ‘honeypots’ - decoy devices used to attract the attention of cybercriminals and analyse their activities. The latest updates are striking: during the first half of 2018, the number of malware modifications aimed at IoT devices registered by researchers was more than three times higher than the number registered in the whole of 2017.
The statistics show that the most popular method of IoT malware propagation is still the brute forcing of passwords - repetitive attempts at various password combinations. Brute forcing was used in 93% of detected attacks. In most of the remaining cases, access to an IoT device was gained using well-known exploits.
The devices most often attacking Kaspersky Lab honeypots were routers (by a large margin). 60% of the registered attempts to attack our virtual devices were coming from them. The remaining share of compromised IoT gadgets included a variety of different technologies, such as DVR-devices and printers. The honeypots even registered an attack coming from 33 washing machines.
Different cybercriminals may have different reasons to exploit IoT, but the most popular goal is to facilitate DDoS-attacks by creating botnets. Some malware modifications are also tailored to turn off competing malware, fix its own vulnerabilities and shutdown vulnerable services on the device.
“For those people who think that IoT devices don’t seem powerful enough to attract the attention of cybercriminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call. Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes – and that security is implemented at the design stage, rather than considered as an afterthought. At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes. In addition, IoT malware families are rapidly customising and developing, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones. IoT products have therefore become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing and blackmailing,” notes David Emm, Principal Security Researcher at Kaspersky Lab.
To reduce the risk of infection, individuals are advised to:
- Install updates for the firmware you use as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
- Always change preinstalled passwords. Use complicated passwords that include both capital and lower case letters, numbers and symbols.
- Use Kaspersky Smart Home and IoT Scannerto check your IoT devices for vulnerabilities and infections.
- Reboot a device as soon as you think it’s acting strangely. It might help get rid of existing malware, but this doesn’t reduce the risk of getting another infection.
Read the full version on Securelist.com.
