February 20, 2016 By Paul Sabanal

The Internet of Things (IoT) is upon us. Everything from cars to home appliances, watches and even children’s toys is being connected online. It is projected that by the year 2020, there will be more than 25 billion devices connected to the Internet.

Those numbers alone are enough to attract cybercriminals’ attention, but what is more relevant here is what these devices represent. It means more data to steal, more systems to take over and more money to be made.

The Next Evolution of Malware

In the past, this same line of reasoning sparked the evolution of malware. At the dawn of the Internet, we saw the proliferation of mass-mailing worms, where before we had only seen file infectors and macro viruses. When Internet use became increasingly widespread in the early 2000s, financially motivated attackers took notice. That’s when we started seeing the likes of botnets, exploit kits and ransomware. We believe the rise of IoT will bring another evolution in malware in the form of thingbots.

Thingbots are botnets composed of infected IoT devices. These devices can be controlled by an owner to launch attacks, steal sensitive data or facilitate other malicious activities. We have already seen a few of these in the last couple of years.

Beware of Thingbots

Due to their ubiquity and the fact that they are usually connected directly to the Internet, wireless routers and modems are the primary targets for thingbots. Other devices that were targeted included network cameras and network storage systems. Most of these devices use Linux as their operating system, and this allows attackers to take existing Linux malware and recompile it to target the specific architecture the device is running on.

Access was gained on these devices mostly through Telnet default login credentials that the device owners left unchanged. There were also reports of infections through device vulnerabilities. Distributed denial-of-service (DDoS) attacks were the primary use for the infected devices.

We believe that the current crop of IoT malware has not displayed a fraction of its potential yet. We know and expect that it will definitely increase in number, and it’s not a matter of if but how the malware will increase in sophistication. So we ask: What are thingbots capable of in the future? And most importantly, how can we protect ourselves from them?

Read the IBM Research Report: The inside story on botnets
