IoT malware attacks becoming more sophisticated – with China and US at the source



Malware and DDoS attacks targeting the Internet of Things (IoT) have “come of age”, according to research released by security provider Symantec – with the US and China at the forefront of it.

The report examines how cybercriminals are taking advantage of unsecured IoT devices to spread malware and create zombie networks or botnets. China (34%) and the United States (28%) were the most frequent attack origins on Symantec’s specific IoT honeypot by count of unique attackers. Russia (9%), Germany (6%), the Netherlands (5%), and Ukraine (5%) were next, although with a distinct disparity.

The number of IoT threats jumped significantly in 2015 with many of them continuing to be active into this year, Symantec argues. In addition, poor security on IoT devices makes them “soft targets”, and combining that with attackers who are aware of lax IoT security makes for a deadly combination.

Malware attackers take a ‘straightforward’ approach to distribution, the researchers argue: the most common method is scanning random IP addresses for open Telnet or SSH ports, followed by a brute-force attempt to log in.

While the methods are somewhat unsophisticated, the overall ecosystem is certainly becoming more proficient. The most recognisable and prevalent malware families – the ones to look out for – include Linux.Darlloz (aka Zollard), Linux.Aidra / Linux.Lightaidra, Linux.Xorddos (aka XOR.DDos), Linux.Gafgyt (aka GayFgt, Bashlite), Linux.Ballpit (aka LizardStresser), Linux.Moose, Linux.Dofloo (aka AES.DDoS, Mr. Black), Linux.Pinscan / Linux.Pinscan.B (aka PNScan), Linux.Kaiten / Linux.Kaiten.B (aka Tsunami), Linux.Routrem (aka Remainten, KTN-Remastered, KTN-RM), Linux.Wifatch (aka Ifwatch), and Linux.LuaBot.

Symantec set out several key recommendations for users looking to keep their IoT-enabled devices protected: research the capabilities and security features before purchase, disable the Telnet login and use SSH where possible, use wired instead of wireless connections, and ensure a hardware outage does not leave the device in an unsecured state.
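The scan-and-brute-force distribution method described above, and the advice to disable Telnet in favour of SSH, both come down to watching for repeated failed logins on those two services. The following is an added example, not code from the article or from Symantec, that flags source addresses with a burst of failed Telnet or SSH logins in constructed syslog-style sample lines; the log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines (not from the article): OpenSSH "Failed password"
# messages plus a login(1)-style "FAILED LOGIN" line as a telnetd-spawned login
# would emit. 203.0.113.7 hammers ssh; 198.51.100.9 tries telnet twice.
SAMPLE_LOG = """\
Sep 22 10:01:02 cam01 sshd[412]: Failed password for root from 203.0.113.7 port 51324 ssh2
Sep 22 10:01:03 cam01 sshd[413]: Failed password for admin from 203.0.113.7 port 51325 ssh2
Sep 22 10:01:03 cam01 sshd[414]: Failed password for invalid user support from 203.0.113.7 port 51326 ssh2
Sep 22 10:01:04 cam01 sshd[415]: Failed password for root from 203.0.113.7 port 51327 ssh2
Sep 22 10:01:05 cam01 sshd[416]: Failed password for root from 203.0.113.7 port 51328 ssh2
Sep 22 10:01:09 cam01 login[77]: FAILED LOGIN 1 FROM 198.51.100.9 FOR root, Authentication failure
Sep 22 10:01:10 cam01 login[77]: FAILED LOGIN 2 FROM 198.51.100.9 FOR admin, Authentication failure
Sep 22 10:02:30 cam01 sshd[420]: Accepted publickey for ops from 192.0.2.5 port 40000 ssh2
Sep 22 10:05:00 cam01 sshd[421]: Failed password for ops from 192.0.2.5 port 40001 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
SSH_FAIL = re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
TELNET_FAIL = re.compile(TS + r" \S+ login\[\d+\]: FAILED LOGIN \d+ FROM (?P<ip>[\d.]+) FOR (?P<user>\w+)")

def parse_failures(text):
    """Return failed-login events as (timestamp, ip, user, service) tuples."""
    events = []
    for line in text.splitlines():
        for rx, service in ((SSH_FAIL, "ssh"), (TELNET_FAIL, "telnet")):
            m = rx.match(line)
            if m:
                ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
                events.append((ts, m.group("ip"), m.group("user"), service))
                break
    return events

def detect_bruteforce(text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failures inside any window_seconds span."""
    per_ip = defaultdict(list)
    for ev in sorted(parse_failures(text)):
        per_ip[ev[1]].append(ev)
    flagged = {}
    for ip, events in per_ip.items():
        window = deque()  # timestamps of failures inside the sliding window
        for ts, _, _, _ in events:
            window.append(ts)
            while (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= threshold:
                flagged[ip] = {"attempts": len(events),
                               "users": sorted({e[2] for e in events}),
                               "services": sorted({e[3] for e in events})}
                break
    return flagged
```

Lower the threshold to catch slow scanners, and feed real `/var/log/auth.log` text in place of the sample to run it against a device's own history.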

You can read the full post here.
