IoT malware and the vulnerability of ‘smart’ objects

The number of IoT (Internet of Things) devices has increased at the same rate as the number of IT attacks targeted at smart devices and objects. According to data from research by the Kaspersky Lab, IoT malware tripled in the first quarter of 2018 compared to the same period the previous year.

When this particular malware attacks, the intelligent sensors typical of the Internet of Things, can become very dangerous. The main risks involve privacy. Intelligent objects also include connected video cameras, as well as speakers which work via Artificial Intelligence; in other words, devices which are capable of spying on us.

Also worthy of note are the dangers posed to our physical wellbeing. One example is the malfunctioning of a vehicle’s IoT sensor, a situation which could pose a major threat to the physical safety of the driver and passengers.

Generally speaking, hackers exploit smart objects to launch attacks on companies or institutional organisations. Internet of Things sensors can also be used to mine cryptocurrencies for illicit purposes and even for DDoS attacks, not to mention the creation of botnets.

Why are Internet of Things devices targeted?

Intelligent devices are often attacked by IoT malware because their security standards are minimal. In fact, users who purchase a smart object often forget to change the password set by the manufacturer, which may be the same for all the devices. This of course, makes it much easier for the hacker to gain access.

In almost all the IoT malware attacks identified by Kaspersky, the underlying technique was password theft. In order to find devices which are not sufficiently encrypted, hackers use a search engine known as Shodan and originally developed to display images from unprotected webcams around the world, without, of course, the knowledge of the individuals being recorded.

The smart devices most frequently attacked by malware are routers, which are the target in around 60% of cases. Next we can find printers, thermostats, smart domestic sensors and intelligent washing machines. In all these cases, it is fundamental to check security standards and replace the default password with a personalised one immediately after purchase.

The most common malware

In the last few months of 2018, intelligent devices were attacked by three IoT malware programs. They were Mirai, IoTroop/Reaper and VPN Filter. The first and most dangerous of these mainly attacks consumer devices, such as IP videocameras and routers in domestic use. These devices are used as nodes for botnets in order to launch attacks which can be large scale.

Mirai works by taking advantage of security holes already noted and once it has taken control of the devices, it uses them to launch DDoS type attacks. Attacked devices are then transformed into botnets, or zombie computers.

Mirai evolves in an unusual way, that is by combining with a Windows Trojan. This was discovered by a team of Russian experts specialised in IT security. Their work led to the identification of a new kind of malware, known as Trojan.Mirai.1.

Its main objective is to attack devices which operate on the Microsoft system. Once it has penetrated the system, it starts to search the affected network for Linux devices which are connected but unprotected. Once it has found them, the Trojan starts to download the Mirai malware onto all these devices.

IoTroop/Reaper, which shares part of its code with Mirai, is basically a botnet built by infecting devices which are not fitted with a security patch. VPN Filter on the other hand is a malware which attacks routers and network storage devices.

Translated By Joanne Beckwith