More Than 7,000 IoT Malware Have Been Discovered in 2017 Alone

//More Than 7,000 IoT Malware Have Been Discovered in 2017 Alone

A greater number of devices connected to the Internet and each other also means a significant increase in the number of malware that reaches these devices. This is the conclusion of Kaspersky Lab’s five-month study of threats involving the Internet of Things (IoT).

Only from January to May 2017, researchers detected 7,242 samples of malware on those devices. The number is 74% more than the total number of samples detected in the period between 2013 and 2016.

According to the scientists, the attacks already existed a few years ago, but they even boomed in 2016 with the emergence of the Mirai botnet. And there is no lack of devices to be targeted: according to Gartner data, there are more than 6 billion devices connected to the Internet on the planet.

Size is not document

Whether they are thermostats, sensors, refrigerators, garage doors, smart wristbands or even toys, these products are especially vulnerable because the firmware of each product usually does not receive as many security updates. It has standard passwords and does not receive the user’s due attention. And, once controlled, they can not only receive commands remotely but also serve as the gateway to the invasion of other electronics in the house.

On the other hand, hackers find several advantages when attacking such devices because they have low power consumption, are portable, low cost, are available on the Internet and can be configured with open source tools available for free.

The number of connected device installations in the healthcare industry is increasing consistently. According to a report by Grand View, it is estimated that globally the healthcare industry will invest about $ 410 billion in IoT devices, services and software by 2022. Along with this trend, emerged from some procedures like Medjack, in which attackers seek to compromise equipment that connects to medical devices.

In August of this year, one of the leading manufacturers of pacemakers issued a call alert to upgrade firmware to about 465,000 patients after discovering a vulnerability that gives the attacker the ability to perform different attack vectors that would have a direct health impact of patients.

It’s a trend that is far from reversible and increasing every day. This leads us to the urgency of thinking about what security measures should be taken for this type of technology.

By |2017-10-04T09:46:50+00:00October 4th, 2017|Technology|3 Comments


  1. Ogeto Omwancha D. October 9, 2017 at 11:52 am - Reply

    Digital technology in the 21st Century has increased efficiency and the quality of life with more and more innovative startups coming up with devices connected to the internet and controlled remotely. However, some applications of digital technology, if not well managed or properly constituted, can be overly catastrophic and costly. We’ve become very comfortable living in a connected world. But the conveniences that come with it are just one side of the coin. The issue of smart device security is serious, and one that we should all be aware of. Because of the large number and variety of devices, the IoT has become an attractive target for cybercriminals. By successfully hacking IoT devices criminals are able to spy on people, blackmail them, and even discreetly make them their partners in crime. What’s worse, botnets such as Mirai and Hajime have indicated that the threat is on the rise. Smart Cities, hyper connected cities that are made up of networks of millions of devices, are a prime example of the embedding of digital technology in our daily lives. Cities around the world are increasingly “smart”, and it is estimated that by 2020 there will be more than 50 billion devices connected to the Internet. This comes with immense security risks affecting cities’ infrastructure, such as traffic lights or the city’s water supply. The IoT environment is fragile and exposed in the face of cybercriminals. The vast majority of smart devices are running operating systems based on Linux, making attacks on them easier because criminals can write generic malicious code that targets a huge number of devices simultaneously.

  2. Jonney October 10, 2017 at 5:30 pm - Reply

    The most fascinating implication of this is that the network will be used for a SETI-like operation (with, obviously, goals unknown ATT). Given that the IOT network includes smartphones and thus an interface with a number of theoretically alive users–humans–which means a constant presentation of exactly behavioral conditions (this does present a hypothetical situation where a ‘computer’ system could arrive at conclusions not requested by an outside user). It would be extremely wise to monitor all available networks for ‘unexpected’ occurrences. The issue of smart device security is serious, and one that we should all be aware of. Last year showed that it is not just possible to target connected devices, but that this is a very real threat.

  3. Johanna Hernandez December 23, 2017 at 2:11 pm - Reply

    Digital technology seems to be a threack for the users of the cloud computing, although the innovative developments are everytime more practicals, a big problem is growing from it. The number of new malware samples in the wild this year targeting connected internet-of-things (IoT) devices has already more than doubled last year’s total. Honeypots laid out by Kaspersky Lab researchers mimicking a number of connected devices running Linux have attracted more than 7,200 different malware samples through May, all bent on infecting connected devices over telnet and SSH primarily. Last year, Kaspersky detected 3,200 samples. It has been showed cybercriminals the way last fall, using malware to corral DVRs, IP-enabled cameras and home networking gear into a giant IoT botnet that was used to DDoS a number of high-profile targets. The malware spawned a number of variants and copycats, including the destructive BrickerBot malware family that bricks vulnerable IoT devices running with telnet exposed to the internet with default passwords. Good post!

Leave A Comment