New IoT malware detections have soared over 200% since 2017 to reach over 120,000, according to new stats from Kaspersky Lab.
The Russian AV vendor claimed to have spotted 121,588 modifications of malware targeted at smart devices in the first half of 2018, a 273% increase on the 32,614 detected for the whole of last year.
The most popular way to spread malware is brute-forcing of passwords: used in 93% of detected attacks. Most of the remaining cases used well-known exploits to access the devices, according to the vendor.
The most commonly compromised devices were routers, accounting for 60% of the total, followed by a long tail of other connected devices including DVRs, printers and even smart washing machines.
IoT endpoints represent an attractive target for hackers as they’re always on, connected to the internet and often not secured adequately with strong passwords and updated firmware.
The threat is such that the FBI was forced to issue a public service announcement recently warning home users of the dangers of unsecured devices: most notably that they could be conscripted into botnets to launch DDoS attacks, crypto-mining, click fraud and more.
“For those people who think that IoT devices don’t seem powerful enough to attract the attention of cyber-criminals, and that won’t become targets for malicious activities, this research should serve as a wake-up call. Some smart gadget manufacturers are still not paying enough attention to the security of their products, and it’s vital that this changes — and that security is implemented at the design stage, rather than considered as an afterthought,” argued Kaspersky Lab principal security researcher, David Emm.
“At this point, even if vendors improve the security of devices currently on the market, it will be a while before old, vulnerable devices have been phased out of our homes. In addition, IoT malware families are rapidly being customized and developed, and while previously exploited breaches have not been fixed, criminals are constantly discovering new ones.”
Earlier this year the British Standards Institution launched a kitemark scheme designed to improve baseline security in the IoT space by making it easier for buyers to spot reliable kit.