IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

IoT malware tripled in the first half of 2018

Cryptocurrency mining, DDoS attacks and botnet activities are becoming more prevalent

A collection of IoT devices

Kaspersky's latest IoT Lab Report has revealed that Internet of Things malware has tripled in the first half of 2018 and attacks are becoming more sophisticated as hackers realise the financial opportunities of breaking into networked devices.

One of the biggest problems the industry is facing is that attacks, such as malicious cryptocurrency mining, DDoS attacks and botnet activities are becoming more prevalent and harder for manufacturers to combat.

Using brute force to guess passwords at a shocking rate is the most commonly used methods of attack by criminals, accounting for 93% of hacking methods they use, while routers were the most used type of equipment to bombard what the company describes as "honeypots" - the IoT test devices used as a gateway for an attack.

"For those people who think that IoT devices don't seem powerful enough to attract the attention of cybercriminals, and that won't become targets for malicious activities, this research should serve as a wake-up call," David Emm, principal security researcher at Kaspersky Lab said.

"Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it's vital that this changes and that security is implemented at the design stage, rather than considered as an afterthought. At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes."

Kaspersky explained the main reason criminals are using the IoT as a way of breaking into devices is to harness them as a gateway to implement a DDoS attack using botnets. However, other motivations for attacking IoT devices include aiming to turn off competing malware, fix vulnerabilities in installed malware and shut down vulnerable services on the device so other malware can't use security holes.

Emm added that one of the biggest concerns of security researchers and manufacturers should be the rate at which attacks are customised and new attacks are developed.

"While previously exploited breaches have not been fixed, criminals are constantly discovering new ones," he said. "IoT products have therefore become an easy target for cybercriminals, who can turn simple machines into powerful devices for illegal activity, such as spying, stealing, blackmailing and conducting Distributed Denial of Service (DDoS) attacks."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022