Businesses are increasingly adopting connected technologies and as a result IoT malware is increasingly intruding its way into the world…
Businesses are increasingly adopting connected technologies such as wearables and office sensors to streamline operations and boost productivity, and as a result, the Internet of Things (IoT) Industry is on the rise. According to Cisco, by the year 2020, there will be more than 50 billion Internet-connected objects in use, and the Industry will be turning over trillions in profit annually. At the same time, these devices will be generating large amounts of crucial data that is critical to business operations. While there is a great potential for IoT, there are fears that cybercriminals are eyeing up IoT as a lucrative opportunity. On this, Gartner says security spending will reach $348 million (around £260 million, AU$455 million) by the end of 2016, an increase of 23.7% on the previous year.
According to new research from Kaspersky Lab, during the first half of 2018, malware designed specifically for Internet of Things (IoT) devices grew three-fold with over 120,000 modifications of malware.
Kaspersky Lab’s IoT report revealed that the growth of malware families for smart devices is snowballing and part of a dangerous trend that could leave consumer devices vulnerable to illegal activity including cryptocurrency mining, DDoS attacks or being used in large scale attacks by becoming part of a botnet. The security firm is well aware of these threats and the company has set up its own decoy devices called honeypots to lure cybercriminals and analyze their activities online.
According to the statistics, the most popular method of spreading IoT malware is still brute forcing passwords where hackers repetitively try various password combinations before eventually gaining access to a device. Brute forcing was used in 93% of attacks while well-known exploits were used in the remaining cases.
Kaspersky Lab’s honeypots were attacked most often by routers with 60% of attacks coming from them. The remaining attacks were carried out by a variety of devices including DVRs and printers. Surprisingly, 33 attacks were carried out by connected washing machines.
Cyber crooks may have various reasons for exploiting IoT devices but the most popular reason was to create botnets which would be used to facilitate DDoS attacks. Some of the malware modifications discovered by Kaspersky Lab were even tailored to disable competing malware.
Principal Security Researcher at Kaspersky Lab, David Emm provided further insight on the firm’s report, saying:
“For those people who think that IoT devices don’t seem powerful enough to attract the attention of cybercriminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call. Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes – and that security is implemented at the design stage, rather than considered as an afterthought.
“At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes. In addition, IoT malware families are rapidly being customised and developed, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones. IoT products have therefore become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting Distributed Denial of Service (DDoS) attacks.”