Hackers using Linux flaws to attack IoT devices

Malware that exploits holes in the open source operating system Linux is turning more IoT devices into bots

According to the latest malware forecast from SophosLabs, the threat analysis arm of IT security supplier Sophos, malware targeting IoT devices gained momentum in 2016 and will likely remain a challenge in 2017.

The report states that one malware sample was built to evade anti-virus detection with consistent static updates, encrypted/obfuscated strings and even some rudimentary UPX [Ultimate Packer for Executables] packer hacking. UPX packers compress executable code to fit into fewer bytes of data.

One malware family was far more active than any of the others. The malware, known as Linux/DDoS-BI, spread by simply scanning over large IP address blocks, attempting to brute-force access to devices via SSH (Secure Shell), a network protocol that provides administrators with a secure way to access remote computers.

This malware targeted ‘low-hanging fruit’ – such as any device with a factory/default password. SophosLabs researchers said they have observed incidents involving the malware on the rise since October 2016. More than a hundred cases were observed in late October and were up to around 150 by mid-November. By mid-December, the total surpassed 200, and hit 466 the week of January 20, before slightly dropping again.

More Golang-coded malware targeting IoT

Sophos expects an increase in the complexity of malware targeting IoT devices in the short term. It said that Golang – a free, open source programming language created at Google – has been used to create malware that targets IoT devices, as it is easy to learn and uses very little code, making it ideal for infecting devices with little on-board memory.

The company’s threat analysis team also said that they continue to receive samples of Mirai, the malware used in last year’s IoT-based attack against Dyn, but added:

“It’s important to note that, despite all the news coverage Mirai has received, we haven’t seen much of it affecting our customers. We see roughly two in 10,000 endpoints reporting Mirai detections,” the report’s authors said. But that’s no reason for complacency, it seems.

“We expect exploits against vulnerable IoT technology to continue on an upward trajectory, with attackers emboldened by the success of campaigns like last October’s Mirai assault against Dyn,” they warned.

Jason Hart, chief technology officer of data protection at digital security company Gemalto, told Internet of Business that IoT devices are portals that hackers can use to gain access to what they care about most – data.

“No matter how secure one device is, if there is another one that is connected to the same network that isn’t, hackers can manipulate and use this to access other devices within the network or, as in this case, stop normal operation of other systems,” he said.

“In order to prevent this from happening, organisations must ensure they are putting in the right protocols to protect the data at its source.”
