IoT malware threats ‘triple’ in first half of 2018
Published On: September 21, 2018 |
The number of malware programs aimed at Internet of Things (IoT) devices has tripled in the first half of 2018, with cyptocurrency mining, DDoS attacks and botnet activities all becoming more prevalent.
This is according to new figures from Kaspersky, which revealed the firm identified more than 120,000 malware modifications in the first six months of this year; more than three times the figure recorded for the whole of 2017 and a tenfold increase from two years ago.
The most common method of gaining access to IoT devices was through the use of brute force to guess passwords. Some 93 per cent of attacks used this method, which may indicate how many companies overlook IoT devices when it comes to basic security measures such as adding strong authentication methods.
David Emm, principal security researcher at Kaspersky Lab, said that many smart gadget manufacturers are not paying enough attention to the security of their products, with this only being considered as an afterthought rather than implemented into the devices at the design stage.
"For those people who think that IoT devices don't seem powerful enough to attract the attention of cyber criminals, and that won't become targets for malicious activities, this research should serve as a wake-up call," he added.
The main reason criminals are targeting IoT devices is in order to to harness them as a part of a botnet they can then use to implement DDoS attacks. However, there are also a range of other motivations behind these attacks.
Mr Emm said: "IoT products have become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting DDoS attacks."
Kaspersky set up a series of decoy devices, known as 'honeypots' in order to lure cyber criminals and analyse their activities. It found the most common IoT devices targeting these honeypots were routers, which made up 60 per cent of attacks.
The remainder originated from a wide range of gadgets, from DVRs to printers. Even washing machines were found to be compromised by malware, with 33 attacks coming from these connected devices.
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.