IoT malware is on the rise.
Malware attacking connected devices has tripled in the first half of 2018, Kaspersky Lab’s IoT report reveals.
During the period, the security firm found more than 120,000 modifications of malware in IoT devices, which it said is more than triple the IoT malware seen in the whole of 2017.
“Compared to personal computers and smartphones, IoT devices might not seem powerful enough to attract cybercriminals and be used in their illegal activity. However, their lack of performance is more than outweighed by their number, and the fact that some smart gadget manufacturers are still not paying enough attention to the security of their products,” said Mikhail Kuzin, a security researcher at Kaspersky Lab.
He added that even if vendors begin to provide their devices with better security now, it will be a while before old vulnerable devices have been phased out of homes.
“In addition, IoT malware families are customizing and developing very fast, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones,” he added.
The security expert explained that cybercriminals can turn simple machines into a powerful device for illegal activity, such as spying, stealing, and blackmailing.
In Kaspersky’s research, the smart devices most often attacked were routers. The remaining share of compromised IoT gadgets included a variety of gadget types such as DVR-devices and printers and even washing machines.
The statistics also show that the most popular method of IoT malware propagation is still the brute forcing of passwords or repetitive attempts at various password combinations.
Cybercriminals may have different reasons to exploit IoT, according to Kaspersky, but the most popular goal is to facilitate DDoS-attacks by creating botnets. Some malware modifications are also tailored to turn off competing malware, fix its own vulnerabilities, and shut down vulnerable services on the device.
It said the brute force was used in 93 percent of detected attacks. In most of the remaining cases, access to an IoT device was gained using well-known exploits.
Photo by rawpixel.com from Pexels