Kaspersky Lab Report: IoT Malware Grew Three-Fold in H1 2018

Woburn, MA – September 18, 2018 – Kaspersky Lab today released a new IoT report, which found that during the first half of 2018, IoT devices were attacked with more than 120,000 modifications of malware, which is more than triple the amount of IoT malware seen throughout 2017. Kaspersky Lab warns that the significant growth of malware families for smart devices is a continuation of a dangerous trend, as 2017 also saw the number of smart device malware modifications rise to 10 times the amount seen in 2016.

The market for IoT devices (also known as smart gadgets), and their role in everyday life, is growing exponentially. Cybercriminals see the financial opportunities this creates, and are multiplying and differentiating their attacks as a result. This poses a danger for consumers who own smart gadgets, as these threats can strike unexpectedly, turning seemingly harmless devices into powerful machines for illegal activity. These activities can include malicious cryptocurrency mining, DDoS attacks or the discreet inclusion of devices in botnets.

Kaspersky Lab experts regularly review the data collected from various sources including their own honeypots, which serve as decoy devices used to attract the attention of cybercriminals and analyze their activities. The latest updates are striking: during the first half of 2018, the number of malware modifications aimed at IoT devices registered by researchers was more than three times higher than the number registered throughout all of 2017.

The statistics also show that the most popular method of IoT malware propagation is still password brute forcing, that is, repeated attempts at various password combinations. Brute forcing was used in 93 percent of detected attacks. In most of the remaining cases, access to an IoT device was gained using well-known exploits.

The devices that most often attacked Kaspersky Lab honeypots were routers: 60 percent of the registered attempts to attack the company’s virtual devices came from them. The remaining share of compromised smart gadgets included a variety of different technologies, such as DVR devices and printers. The honeypots even registered an attack coming from 33 washing machines.

Cybercriminals may have different reasons to exploit IoT, but the most popular goal is to facilitate DDoS attacks by creating botnets. Some malware modifications are also tailored to turn off competing malware, fix its own vulnerabilities and shut down vulnerable services on the device.

“Compared to personal computers and smartphones, IoT devices might not seem powerful enough to be used in cybercriminals’ illegal activity; however, their lack of performance is more than outweighed by their number, and the fact that some smart gadget manufacturers are still not paying enough attention to the security of their products,” says Mikhail Kuzin, security researcher, Kaspersky Lab. “Even if vendors begin to provide their devices with better security now, it will be a while before old vulnerable devices have been phased out of our homes.”

Kuzin added: “In addition, IoT malware families are customizing and developing very fast, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones. IoT products have therefore become an easy target for cybercriminals who can turn simple machines into a powerful device for illegal activity, such as spying, stealing and blackmailing.”

To reduce the risk of infection, users are advised to:

  • Install firmware updates as soon as possible. Once a vulnerability is found, it can be fixed through patches within updates.
  • Always change preinstalled passwords. Use complicated passwords that include both capital and lower case letters, numbers and symbols.
  • Use solutions such as Kaspersky Smart Home and IoT Scanner to check IoT devices for vulnerabilities and infections. The free application is available for beta testing in Google Play in a limited number of countries.
  • Reboot a device as soon as it begins acting strangely. It might help get rid of existing malware, but this doesn’t reduce the risk of getting another infection.

Read the full version of the IoT report on Securelist.com.