Linux Malware’s Exploitation of Consumer IoT Devices on the Rise
An increase in Linux-based malware is evidence that hackers are increasingly targeting IoT devices, according to a new quarterly security research report from cybersecurity vendor WatchGuard.
Linux malware made up more than a third of the top malware WatchGuard detected by analyzing anonymized threat data gathered from tens of thousands of its unified threat management appliances (Firebox devices) worldwide. That is three times the share it detected in its previous quarterly report, growth that researchers attributed to attackers exploiting “systemic weakness” in an ever-expanding universe of connected devices.
Researchers said device manufacturers focus on usability and affordability over security and have released a “huge number of incredibly unsecure IoT devices” to consumers who have little knowledge of how to protect them. Consumer IoT devices are often connected to the Internet with no firewall in front of them, giving attackers direct access, and open Telnet and SSH ports combined with weak default passwords that consumers don’t (or can’t) change let attackers compromise a device quickly.
“In the current state of the industry, IoT devices can’t yet be trusted,” researchers wrote. “While there are certainly exceptions, our research, as well as other industry research, suggests the vast majority of IoT devices have major security weaknesses and can pose a threat to the rest of your network.”
Researchers urged consumers to take steps to secure the IoT devices they purchase.
“You might presume criminals don’t care about your webcams, refrigerators or DVRs, but attackers know they can use these local devices to reach more important computers in your network,” researchers wrote. “Since manufacturers are shipping these devices with vulnerabilities, it’s up to you to secure them.”
Steps consumers can take include:
Protect IoT devices by firewalling them from the Internet, exposing only the services they need, and segmenting the internal network. Implement firewall rules that block inbound Telnet and SSH not only from the Internet but also from other internal networks, so that a compromised device cannot be used as a pivot point.
Change default passwords, and stay current on updates. IoT manufacturers often hard-code weak or non-existent passwords to make their products easier to use.
Avoid exposing command-line (CLI) management interfaces to the Internet. Most IoT devices have no legitimate need for CLI access over Telnet or SSH, the researchers wrote; where a device does require it, take extra care and restrict that access with the same firewall rules, blocking inbound Telnet and SSH from the Internet and from other internal networks, according to the report.
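The three steps above amount to one concrete gateway configuration: put the IoT devices on their own segment, forward nothing to them from the Internet, and let only a single management host open Telnet or SSH toward them. The ruleset below is an added example for a Linux home gateway running nftables; it is not from the WatchGuard report. The interface names (eth0, br-lan, vlan20), the subnets, and the management workstation address are assumptions and would be replaced with the real topology.

```nft
#!/usr/sbin/nft -f
# Added example, not from the WatchGuard report.
# Assumed topology: a Linux gateway with the Internet on eth0, the trusted
# LAN on br-lan (192.168.1.0/24) and IoT devices on their own VLAN interface
# vlan20 (192.168.20.0/24). 192.168.1.10 is an assumed management workstation.

flush ruleset

define WAN       = "eth0"
define LAN_IF    = "br-lan"
define IOT_IF    = "vlan20"
define LAN_NET   = 192.168.1.0/24
define IOT_NET   = 192.168.20.0/24
define MGMT      = 192.168.1.10
define CLI_PORTS = { 22, 23 }

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # The gateway's own SSH is reachable only from the management host on the LAN.
        iifname $LAN_IF ip saddr $MGMT tcp dport 22 accept

        # DNS and DHCP for both segments; ping for troubleshooting.
        iifname $LAN_IF udp dport { 53, 67 } accept
        iifname $IOT_IF udp dport { 53, 67 } accept
        iifname $LAN_IF icmp type echo-request accept
        iifname $IOT_IF icmp type echo-request accept

        # Telnet/SSH to the gateway from the Internet is counted and dropped.
        iifname $WAN tcp dport $CLI_PORTS counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Nothing unsolicited from the Internet is forwarded to either segment.
        # There is deliberately no port-forward to IoT Telnet/SSH.
        iifname $WAN counter drop

        # Both segments may reach the Internet (cloud services, firmware updates).
        iifname $LAN_IF oifname $WAN accept
        iifname $IOT_IF oifname $WAN accept

        # Pivot prevention: an IoT device may not initiate anything toward the LAN.
        iifname $IOT_IF oifname $LAN_IF counter drop

        # Only the management host may open Telnet/SSH to an IoT device; any
        # other LAN host's attempt is logged and dropped.
        iifname $LAN_IF oifname $IOT_IF ip saddr $MGMT tcp dport $CLI_PORTS accept
        iifname $LAN_IF oifname $IOT_IF tcp dport $CLI_PORTS log prefix "iot-cli-blocked " counter drop

        # Remaining LAN -> IoT traffic (phone apps, casting, local control) stays allowed.
        iifname $LAN_IF oifname $IOT_IF accept
    }
}

table inet nat {
    chain postrouting {
        type nat hook postrouting priority 100;
        oifname $WAN masquerade
    }
}
```

Load it with `nft -f <file>` and confirm with `nft list ruleset`; the `counter` on the two Telnet/SSH drop rules and the `iot-cli-blocked` log prefix give a quick way to see whether anything is actually probing those ports. The important caveat is that this only works once the IoT devices sit on their own interface or VLAN: on a flat network where cameras and laptops share one broadcast domain, lateral Telnet or SSH connections never pass through the gateway, so there is nothing for it to block. Segmentation has to come first, and any UPnP or manual port-forwards that punch holes toward the IoT segment would undo the WAN rule.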