Malware Attacks IoT Devices Running Windows 7

Coinciding with the end of support for Windows 7 last month, cyber-criminals have begun a malware campaign targeting vulnerable Internet of Things (IoT) devices.

Spotted by researchers at TrapX Labs, the malware campaign uses a phishing email to make an initial entry. After that, the malware spreads, using tools to crack weak passwords, pass-the-hash, and other software vulnerabilities, until it infects the entire system.

SEE ALSO: Managing a Real-Time Recovery in a Major Cloud Outage

Originally spotted in Latin America, TrapX Labs CEO Ori Bach said it has since spread to North America, Africa, and the Middle East. It has infected several large organizations, damaging operational equipment and delaying product shipments.

“The infection targeted a range of devices ranging from smart printers, smart TV’s, and even heavy operational equipment,” said TrapX Labs. “Infected devices are at risk to malfunction creating risks to safety, disruption of the supply chain, and data loss.”

In the research report, TrapX Labs reveal that a supply chain attack infected an automatic guided vehicle (AGV), causing it to malfunction on the shop floor. After analysis, three other vehicles were found to be infected with the same malware.

Originally developed at a cryptominer, the Lemon_Duck malware variant has been customized to attack all types of IoT devices. Clearly, hackers see IoT as the weakest chain in an organization’s link, with many devices completely unprotected.

This lack of built-in security for IoT devices, alongside an outdated operating system, is a recipe for disaster.

Some developers have started to make IoT devices more secure, with longer passwords, more warnings to change them, better interfaces for users and built-in encryption, however, a lot of older devices have none of those defenses and now lack stable security updates.