Current IoT malware activity ‘more than double that of 2016’
Published On: June 20, 2017 |
The number of Internet of Things (IoT) malware samples currently in the wild is already more than double the amount seen last year, according to a new report by Kaspersky Lab researchers.
A total of 7,242 IoT malware samples were found in May by the researchers, who set out honeypots mimicking a number of connected devices running Linux. This compares to 3,219 in 2016.
In a report, the researchers said: “According to Gartner, there are currently over six billion IoT devices on the planet. Such a huge number of potentially vulnerable gadgets could not possibly go unnoticed by cybercriminals.
“As of May 2017, Kaspersky Lab’s collections included several thousand different malware samples for IoT devices, about half of which were detected in 2017.”
Explaining their research, they said that they set up several traps that imitated various devices running Linux. They then left them connected to the internet to see what happened in the wild.
According to the researchers, it did not take a long time for the first result. They said it took “just a few seconds” before they witnessed the first attempted connections to the open telnet port. Over the following 24-hour period, they said there were tens of thousands of attempted connections from unique IP addresses.
Explaining the problem of a poorly configured or vulnerable device to a network, the Kaspersky Lab researchers said the most common scenario would result in the device ending up as part of a botnet.
However, there are more worrying potential consequences of a compromised IoT device, including it being used for illegal activities or criminals accessing it to spy on and then blackmail the owner.
The researchers have blamed firmware updates, which can be slow or even non-existent, and passwords, which are often the same across an entire range of products.
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.