IoT malware threats ballooned in 2018

A collection of IoT devices

The scale of emerging malware threats affecting Internet of Things (IoT) devices more than doubled last year as connected devices grew in popularity with businesses and consumers.

An explosion of IoT adoption during 2018 gained the attention of cyber criminals, who now consider this technology as "easy prey" given the majority of exploits centre on weak passwords or unpatched software.

Despite detecting just five significant malware threats in 2017 and three the year before, researchers with F-Secure Labs outlined 19 variants across ten strands that posed risks to the IoT ecosphere last year.

These threats, actively exploiting devices in the wild, included Hide 'N Seek, VPNFilter, and Ghost DNS. VPNFilter, in particular, marked a new dawn for IoT threats given this is the first that appears to have been sponsored by a nation-state, according to F-Secure.

However, the majority of observed exploits used against connected devices, 87%, hinged on breaching weak or default credentials, unpatched software vulnerabilities, or a combination of the two.

"The explosion of IoT devices in people's homes and offices is attracting attention from cyber criminals," the report said. "And thanks to the security problems commonly found in these devices, they present attackers with low hanging fruit to pick.

"This explosion of attacks suggests that there is still plenty of "easy prey" out there and criminals are going after it."

The researchers highlighted public-facing devices such as routers, cameras and digital video recorders (DVRs) as among the most obvious targets for criminals in the current landscape.

Embedded computers in appliances like washing machines and fridges are nearly as vulnerable with more and more appliances becoming connected.

The automatic infection of IoT devices, meanwhile, is the biggest threat users face, with multiple ways to attack the control interfaces. These include HTTP, SSH and Telnet ports. Incidentally, of the attacks observed by F-Secure in 2018 in 'honeypot' servers, 59% targeted Telnet ports, representing a huge spike.

"Deploying massive amounts of computing power without prioritising security and privacy has created a new target that criminals are just beginning to exploit," the researchers concluded.

"This requires immediate action by manufacturers, regulators and everyone responsible for connecting people to the internet. Because when these threats turn our technologies against us, no one can say that we weren't warned."

As for how the threats will change in the future, the researchers speculated that the majority of IoT threats are likely to focus on using hijacked computing power to help to launch denial-of-service (DoS) attacks and for cryptocurrency mining.

Businesses, meanwhile, have in the past been targeted through IoT infrastructure, including devices such as aquariums and cardiac devices, suggesting that hackers may down the line pursue high-value targets using connected devices.

The report echoed calls for legislation and harsher regulations around IoT security, with companies also calling for the government to intervene and set better regulations.

Research in January showed that 79% of decision-makers believe the government should be playing a more active role in combating IoT cyber crime, whether through creating a framework or establishing clear responsibilities.

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.