IoT malware threats ballooned in 2018

But the majority of exploits centre around weak credentials or unpatched software

A collection of IoT devices

The scale of emerging malware threats affecting Internet of Things (IoT) devices more than doubled last year as connected devices grew in popularity with businesses and consumers.

An explosion of IoT adoption during 2018 gained the attention of cyber criminals, who now consider this technology as "easy prey" given the majority of exploits centre on weak passwords or unpatched software.

Despite detecting just five significant malware threats in 2017 and three the year before, researchers with F-Secure Labs outlined 19 variants across ten strands that posed risks to the IoT ecosphere last year.

These threats, actively exploiting devices in the wild, included Hide 'N Seek, VPNFilter, and Ghost DNS. VPNFilter, in particular, marked a new dawn for IoT threats given this is the first that appears to have been sponsored by a nation-state, according to F-Secure.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

However, the majority of observed exploits used against connected devices, 87%, hinged on breaching weak or default credentials, unpatched software vulnerabilities, or a combination of the two.

"The explosion of IoT devices in people's homes and offices is attracting attention from cyber criminals," the report said. "And thanks to the security problems commonly found in these devices, they present attackers with low hanging fruit to pick.

"This explosion of attacks suggests that there is still plenty of "easy prey" out there and criminals are going after it."

The researchers highlighted public-facing devices such as routers, cameras and digital video recorders (DVRs) as among the most obvious targets for criminals in the current landscape.

Embedded computers in appliances like washing machines and fridges are nearly as vulnerable with more and more appliances becoming connected.

The automatic infection of IoT devices, meanwhile, is the biggest threat users face, with multiple ways to attack the control interfaces. These include HTTP, SSH and Telnet ports. Incidentally, of the attacks observed by F-Secure in 2018 in 'honeypot' servers, 59% targeted Telnet ports, representing a huge spike.

Advertisement - Article continues below

"Deploying massive amounts of computing power without prioritising security and privacy has created a new target that criminals are just beginning to exploit," the researchers concluded.

"This requires immediate action by manufacturers, regulators and everyone responsible for connecting people to the internet. Because when these threats turn our technologies against us, no one can say that we weren't warned."

As for how the threats will change in the future, the researchers speculated that the majority of IoT threats are likely to focus on using hijacked computing power to help to launch denial-of-service (DoS) attacks and for cryptocurrency mining.

Businesses, meanwhile, have in the past been targeted through IoT infrastructure, including devices such as aquariums and cardiac devices, suggesting that hackers may down the line pursue high-value targets using connected devices.

Advertisement
Advertisement - Article continues below

The report echoed calls for legislation and harsher regulations around IoT security, with companies also calling for the government to intervene and set better regulations.

Research in January showed that 79% of decision-makers believe the government should be playing a more active role in combating IoT cyber crime, whether through creating a framework or establishing clear responsibilities.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020