Advanced Threats February 20, 2016
By Paul Sabanal 2 min read

The Internet of Things (IoT) is upon us. Everything from cars to home appliances, watches and even children’s toys are being connected online. It is projected that by the year 2020, there will be more 25 billion devices connected to the Internet.

Those numbers alone are enough to attract cybercriminals’ attention, but what is more relevant here is what these devices represent. It means more data to steal, more systems to take over and more money to be made.

The Next Evolution of Malware

In the past, this same line of reasoning sparked the evolution of malware. In the dawn of the Internet, we saw the proliferation of mass-mailing worms, when prior to that we had only seen file infectors and macro viruses. When Internet use became increasingly widespread in the early 2000s, financially motivated attackers took notice. That’s when we started seeing the likes of botnets, exploit kits and ransomware. We believe the rise of IoT will bring another evolution in malware in the form of thingbots.

Thingbots are botnets composed of infected IoT devices. These devices can be controlled by an owner to launch attacks, steal sensitive data or facilitate other malicious activities. We have already seen a few of these in the last couple of years.

Beware of Thingbots

Due to their ubiquity and the fact that they are usually connected directly to the Internet, wireless routers and modems are the primary targets for thingbots. Other devices that were targeted included network cameras and network storage systems. Most of these devices use Linux as their operating system, and this allows attackers to take existing Linux malware and recompile it to target the specific architecture the device is running on.

Access was gained on these devices mostly through Telnet default login credentials that the device owners left unchanged. There were also reports of infections through device vulnerabilities, as well. Distributed denial-of-service (DDoS) attacks were the primary use for the infected devices.

We believe that the current crop of IoT malware has not displayed a fraction of its potential yet. We know and expect that it will definitely increase in number, and it’s not a matter of if but how the malware will increase in sophistication. So we ask: What are thingbots capable of in the future? And most importantly, how can we protect ourselves from them?

Read the IBM Research Report: The inside story on botnets

 |  |  | 
Paul Sabanal
Security Researcher, IBM

Paul Sabanal is a security researcher on IBM Security Systems’s X-Force Advanced Research Team. He has more than a decade of experience in the information ...

More from Advanced Threats
Advanced Threats   August 2, 2022

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Advanced Threats   January 31, 2022

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Intelligence & Analytics   October 20, 2021

Detections That Can Help You Identify Ransomware

One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

Advanced Threats   October 14, 2021

How to Report Scam Calls and Phishing Attacks

With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature