IoT malware threats ‘triple’ in first half of 2018

Credit: Rick_Jo via iStock

The number of malware programs aimed at Internet of Things (IoT) devices has tripled in the first half of 2018, with cyptocurrency mining, DDoS attacks and botnet activities all becoming more prevalent.

This is according to new figures from Kaspersky, which revealed the firm identified more than 120,000 malware modifications in the first six months of this year; more than three times the figure recorded for the whole of 2017 and a tenfold increase from two years ago.

The most common method of gaining access to IoT devices was through the use of brute force to guess passwords. Some 93 per cent of attacks used this method, which may indicate how many companies overlook IoT devices when it comes to basic security measures such as adding strong authentication methods.

David Emm, principal security researcher at Kaspersky Lab, said that many smart gadget manufacturers are not paying enough attention to the security of their products, with this only being considered as an afterthought rather than implemented into the devices at the design stage.

"For those people who think that IoT devices don't seem powerful enough to attract the attention of cyber criminals, and that won't become targets for malicious activities, this research should serve as a wake-up call," he added.

The main reason criminals are targeting IoT devices is in order to to harness them as a part of a botnet they can then use to implement DDoS attacks. However, there are also a range of other motivations behind these attacks.

Mr Emm said: "IoT products have become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting DDoS attacks."

Kaspersky set up a series of decoy devices, known as 'honeypots' in order to lure cyber criminals and analyse their activities. It found the most common IoT devices targeting these honeypots were routers, which made up 60 per cent of attacks.

The remainder originated from a wide range of gadgets, from DVRs to printers. Even washing machines were found to be compromised by malware, with 33 attacks coming from these connected devices.