IoT malware sees major rise

null

The number of malware targeting Internet of Things (IoT) devices is ‘snowballing’, Kaspersky Lab’s newest report claims.

The company’s security experts are saying they’ve spotted more than 120,000 malware modifications in the first half of 2018, which is three times more than the amount for the whole of 2017.

The number of smart device malware modifications have seen a 10x rise compared to two years ago.

The most popular way of breaching into an IoT device is brute force – when a hacker tries to guess the password countless times, until he finally succeeds. This type of attack was used in 93 per cent of cases. In the remaining seven per cent, ‘well-known’ exploits were used.

Routers were the most popular target, by a large margin, with 60 per cent of all attacks being targeted at them. The remaining 40 per cent is split between DVR devices, printers and other IoT devices, including 33 washing machines.

Hackers attack IoT devices mostly because they want to use them to expand their DDoS botnet.

“For those people who think that IoT devices don’t seem powerful enough to attract the attention of cybercriminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call,” said David Emm, Principal Security Researcher at Kaspersky Lab.

“Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes – and that security is implemented at the design stage, rather than considered as an afterthought. At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes. In addition, IoT malware families are rapidly being customised and developed, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones. IoT products have therefore become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting Distributed Denial of Service (DDoS) attacks.”

Image Credit: Chesky / Shutterstock