
Sophos: IoT Malware Growing More Sophisticated

The Mirai botnet that gained notoriety last year is not an isolated case of malware targeting Internet-connected devices, with such attacks generally rising and using increasingly sophisticated techniques to evade detection.

Attackers are increasingly making use of security holes in Linux to infect such devices, sometimes called the Internet of Things (IoT), with malware, according to SophosLabs’ 2017 forecast, which looks at significant trends in computer security.

IoT attacks no longer theoretical

While IoT attacks aren’t new, they have been discussed largely as a theoretical problem until now, Sophos said.

That changed last autumn when Mirai was used as part of a distributed denial-of-service (DDoS) attack on DNS provider Dyn, which temporarily made high-profile websites such as Twitter, Paypal, Netflix and Reddit inaccessible.

Sophos said IoT devices are mainly being targeted by malware that looks for security holes in the variants of Linux that power most of the gadgets involved.

“Default passwords, out-of-date versions of Linux and a lack of encryption will continue to make these devices ripe for abuse,” Sophos said in the study.

The Linux attack software involved grew more complex throughout 2016, with one malware variant found to use high-level techniques such as consistent static updates, encrypted or obfuscated strings and UPX packer hacking to avoid detection by antivirus software.

The most common IoT malware was far simpler, however, instead simply targeting devices that used factory-default passwords.

Android, MacOS malware

That was the case with Linux/DDoS-BI, which was far more active than any other variant targeting IoT gadgets, Sophos said.

The company noted that its honeypots detected a steady rise in the variant, from more than 100 in late October to around 466 in the week of 20 January.
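The two points above, that the most active IoT malware simply tries factory-default passwords and that honeypots record the resulting login traffic, can be turned into a small piece of detection logic. The following Python is an added example and is not code from Sophos or from the article; it assumes a hypothetical, constructed log format (`timestamp src=… user=… pass=… result=ok|fail`), a constructed list of default credential pairs, and a few constructed sample lines. It flags any source that cycles through several distinct default pairs within a short window, and separately reports any login that succeeded with a default pair, which on a real device would mean the factory password was never changed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical, constructed log format (not any real honeypot's format):
#   <ISO 8601 timestamp> src=<ip> user=<name> pass=<secret> result=<ok|fail>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>ok|fail)$"
)

# Constructed sample of factory-default credential pairs a defender would keep
# for auditing; the real list for a given device comes from its vendor documentation.
DEFAULT_CREDS = {
    ("admin", "admin"),
    ("admin", "1234"),
    ("root", "root"),
    ("user", "user"),
}

# Constructed sample input: one source sweeping default pairs (and getting in),
# one legitimate user, one source with a single default-pair attempt, one junk line.
SAMPLE_LOG = """\
2017-01-20T10:15:02Z src=198.51.100.23 user=root pass=root result=fail
2017-01-20T10:15:03Z src=198.51.100.23 user=admin pass=admin result=fail
2017-01-20T10:15:04Z src=198.51.100.23 user=admin pass=1234 result=fail
2017-01-20T10:15:05Z src=198.51.100.23 user=user pass=user result=ok
2017-01-20T10:16:10Z src=203.0.113.7 user=alice pass=correct-horse result=fail
2017-01-20T10:16:12Z src=203.0.113.7 user=alice pass=battery-staple result=ok
2017-01-20T10:20:00Z src=192.0.2.9 user=admin pass=admin result=fail
garbage line that should be skipped
"""


def parse_line(line):
    """Return a dict for a well-formed line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_default_cred_sweeps(log_text, min_pairs=3, window=timedelta(minutes=5)):
    """
    Flag each source that tries at least `min_pairs` distinct factory-default
    credential pairs within `window`, and list every success with a default pair.
    Returns (sweeps, default_successes): sweeps maps src -> set of pairs tried,
    default_successes is a list of (src, pair).
    """
    attempts = defaultdict(list)  # src -> [(timestamp, (user, password))]
    default_successes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not fatal
        pair = (rec["user"], rec["pw"])
        if pair not in DEFAULT_CREDS:
            continue  # only default-credential traffic is of interest here
        attempts[rec["src"]].append((rec["ts"], pair))
        if rec["result"] == "ok":
            default_successes.append((rec["src"], pair))

    sweeps = {}
    for src, events in attempts.items():
        events.sort()
        # Sliding window: for each start event, count distinct pairs seen within `window`.
        for i, (start, _) in enumerate(events):
            pairs = {p for ts, p in events[i:] if ts - start <= window}
            if len(pairs) >= min_pairs:
                sweeps[src] = pairs
                break
    return sweeps, default_successes


if __name__ == "__main__":
    sweeps, hits = find_default_cred_sweeps(SAMPLE_LOG)
    for src, pairs in sweeps.items():
        print(f"default-credential sweep from {src}: {sorted(pairs)}")
    for src, pair in hits:
        print(f"login succeeded with default credentials from {src}: {pair}")
```

The threshold of three distinct pairs in five minutes is a constructed starting point; on a production device or honeypot it would be tuned against observed traffic. A successful login with a default pair is the finding that matters most, since it identifies a device whose factory password was never changed.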

It found malware increasingly using the Lua and Go languages, the latter – also referred to as “golang” – being an open-source language developed by Google engineers.

“Whatever happens in the next 12 months, one thing is clear: Golang… has seen a surge in popularity among tool writers,” Sophos said in the study.

IoT malware infects devices such as Internet-connected cameras and household items, with Chancellor Philip Hammond warning over the weekend that kettles and fridges are at risk.

The paper also examined the increasing pervasiveness of Android malware and the appearance of MacOS malware that attempts to steal passwords or install ransomware.

More than 20 percent of the Android malware Sophos analysed during 2016 was from a single family, called Andr/PornClk, which makes money through advertisements and membership registrations and is difficult to remove, as it makes use of root privileges.

The company said MacOS is targeted far less frequently than Windows, but Mac malware is often technically sophisticated and looks to steal data or provide covert remote access to thieves.

“Though it continues to see fewer malware and ransomware infections than Windows, MacOS saw its fair share in 2016, and we expect that trend to continue,” Sophos stated.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
