Report: New IoT Malware Already More Than Double 2016 Total

According to Kaspersky Labs, the number of new malware variants targeting Internet of Things (IoT) devices is more than double the amount detected in all of 2016. So far this year their honeypots have captured over 7,200 different malware samples. Last year they found 3,200.

“After just a few seconds we saw the first attempted connections to the open telnet port. Over a 24-hour period there were tens of thousands of attempted connections from unique IP addresses,” researchers wrote in a report published on Securelist.com.

The report found that 63% of the attacks it captured were coming from DVRs or IP cameras, with the remaining coming from networking devices and other unrecognized ones. The sources were diverse, with China, Vietnam, Russia, Brazil and Turkey making up the top five. So far this year the researchers have detected over two million attempts from more than 11,000 unique IP addresses, the majority coming from Vietnam, Taiwan and Brazil.

“The growing number of malware programs targeting IoT devices and related security incidents demonstrates how serious the problem of smart device security is,” the researchers wrote. “The existing competition in the DDoS market drives cybercriminals to look for new resources to launch increasingly powerful attacks.”

Kaspersky cited the TR-069 vulnerability as the main reason IoT devices are easy to target. Lack of automated updated, hardcoded passwords, and poor default admin passwords that are often the same across an entire product line were also cited. They published a list of default and popular credential combinations used by malware to access connected devices, including those used against telnet and SSH ports.

“The Mirai botnet has shown that smart devices can be harnessed for this purpose – already today, there are billions of these devices globally, and by 2020 their number will grow to 20-50 billion devices, according to predictions by analysts at different companies,” researchers wrote.