EDITOR’S QUESTION
WHAT ARE
THE SECURITY
CHALLENGES THAT
ENTERPRISES
UTILISING IOT
SHOULD BE
AWARE OF?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
I
oT devices were attacked with more
than 120,000 modifications of malware
in the first half of 2018 – more than
triple the amount of IoT malware seen in the
whole of 2017. Aware of these dangers, Kaspersky Lab
experts regularly review the data collected
from various sources including honeypots –
decoy devices used to attract the attention
of cybercriminals and analyse their activities.
That’s according to the Kaspersky Lab
IoT report, with the cybersecurity vendor
warning that the snowballing growth of
malware families for smart devices is a
continuation of a dangerous trend. The year
2017 also saw the number of smart device
malware modifications rise to 10 times the
amount seen in 2016. The latest updates are striking – during
the first half of 2018, the number of
malware modifications aimed at IoT
devices registered by researchers was more
than three times higher than the number
registered in the whole of 2017.
The market for IoT devices (also known
as ‘smart’ gadgets) and their role in
everyday life, is growing exponentially.
But cybercriminals are seeing the financial
opportunities too and are multiplying and
differentiating their attacks as a result.
The danger for consumers who love their IoT
gadgets is that threats can strike unexpectedly,
turning seemingly harmless devices into
powerful machines for illegal activity.
This can include malicious cryptocurrency
mining, DDoS attacks or the discreet
inclusion of devices in botnet activities.
36
INTELLIGENTCIO
The statistics show that the most popular
method of IoT malware propagation is still
the brute forcing of passwords – repetitive
attempts at various password combinations.
Brute forcing was used in 93% of detected
attacks. In most of the remaining cases,
access to an IoT device was gained using
well-known exploits.
The devices most often attacking Kaspersky
Lab honeypots were routers (by a large
margin). A total of 60% of the registered
attempts to attack virtual devices were
coming from them.
The remaining share of compromised IoT
gadgets included a variety of different
technologies, such as DVR-devices and
printers. The honeypots even registered an
attack coming from 33 washing machines.
“Compared to personal computers and
smartphones, IoT devices might not seem
powerful enough to attract cybercriminals
and be used in their illegal activity. However,
their lack of performance is more than
outweighed by their number and the fact
that some smart gadget manufacturers
are still not paying enough attention to the
security of their products,” said Mikhail Kuzin,
Security Researcher at Kaspersky Lab.
“Even if vendors begin to provide their
devices with better security now, it will
be a while before old vulnerable devices
have been phased out of our homes.
In addition, IoT malware families are
customising and developing very fast and
while previously exploited breaches have
not been fixed, criminals are constantly
discovering new ones.
“IoT products have therefore become an
easy target for cybercriminals who can turn
simple machines into a powerful device
for illegal activity, such as spying, stealing
and blackmailing.”
www.intelligentcio.com