Threats to Linux IoT devices on the rise

Malware detected by the security firm WatchGuard Technologies in the first quarter of 2017 indicated that there is a sharp rise in Linux threats directed against IoT devices.

The company's research, issued under the name Internet Security Report, looked at what was detected by installations of its software. It found that about 36% of the malware detected consisted of these Linux threats.

Many of these devices, which often use old versions of Linux, have a default username and password which users often do not bother to change. Logging in with these credentials — which are easy to find on the Web — gives root access to the device in question.

Corey Nachreiner, WatchGuard's chief technology officer, told iTWire that many of the Linux IoT infections started simply with someone scanning the Internet for devices listening on telnet or SSH ports.

"Then they try to brute force a user credential, or use default passwords. If they can brute force a Linux credential, then the automated attack usually just logs into the Linux device and then runs a script to wget a bunch of files, which are Linux tools and trojans," he said. Wget is a popular command-line program used to download files on Linux systems.

"In this scenario, that wget request would generate a Web request to download a file, and that's often how our gateway anti-virus would encounter those samples above and block them via HTTP."
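As an added example (not taken from WatchGuard's report or from iTWire), the chain Nachreiner describes, repeated failed logins, then a successful login, then a wget download, can be correlated from device and gateway logs. The log layout, device names, addresses and URLs below are constructed, and the `proxy:` line format is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample log: "<epoch> <device> <message>". The sshd message text
# follows OpenSSH's wording; the "proxy:" line format is an assumption.
SAMPLE_LOG = """\
1000 cam01 sshd[411]: Failed password for root from 203.0.113.7 port 40110 ssh2
1002 cam01 sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
1004 cam01 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
1006 cam01 sshd[411]: Accepted password for root from 203.0.113.7 port 40116 ssh2
1015 cam01 proxy: GET http://files.example.invalid/bins.sh ua="Wget/1.17"
2000 nas02 sshd[90]: Failed password for root from 198.51.100.9 port 5022 ssh2
2300 nas02 sshd[90]: Accepted password for backup from 192.0.2.10 port 5100 ssh2
2310 nas02 proxy: GET http://mirror.example.invalid/pkg.tar ua="Wget/1.17"
"""

SSHD = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")
WGET = re.compile(r'proxy: GET (\S+) ua="Wget/')

def find_compromise_chains(log, min_failures=3, window=120):
    """Return (device, source_ip, url) tuples where at least min_failures failed
    logins from one source are followed by a successful login from that source
    and then a Wget download by the device, each step within `window` seconds."""
    failures = defaultdict(list)   # (device, src) -> timestamps of failed logins
    logins = {}                    # device -> (time, src) of a suspicious login
    alerts = []
    for line in log.splitlines():
        ts, device, msg = line.split(" ", 2)
        ts = int(ts)
        if m := SSHD.search(msg):
            outcome, _user, src = m.groups()
            key = (device, src)
            if outcome == "Failed":
                failures[key].append(ts)
            else:
                # A success only matters if recent failures preceded it.
                recent = [t for t in failures[key] if ts - t <= window]
                if len(recent) >= min_failures:
                    logins[device] = (ts, src)
        elif m := WGET.search(msg):
            if device in logins and ts - logins[device][0] <= window:
                alerts.append((device, logins[device][1], m.group(1)))
    return alerts

if __name__ == "__main__":
    for alert in find_compromise_chains(SAMPLE_LOG):
        print("suspicious chain:", alert)
```

The second device in the sample logs in cleanly and also uses wget, so it is not flagged; only the failed-then-accepted login followed by a download raises an alert.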

Nachreiner said there were remote Linux vulnerabilities that attackers could use to gain control of a Linux system, and then leverage that control to download malware.

"There are other simple attacks (brute-forcing weak SSH credentials) that could allow an attacker to gain local access to a Linux machine, and then try to download his malware. Then there are many Web and email phishing or social engineering techniques, that could try to get a user to unknowingly download malware.

"With our GAV statistics, we can't say which of these the attacker is doing, but we can say that these Linux threats attempted to get to a device over the Web, and were blocked."

WatchGuard said its report was based on anonymised Firebox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide, representing a small portion of its overall install base.

Other findings in the report were that legacy anti-virus programs were failing to detect new malware at a higher rate. AV solutions had missed 38% of the total threats which WatchGuard's products detected in Q1, compared to 30% in Q4 2016, the company claimed.

The report also said that the cyber security battleground was shifting toward Web servers, with drive-by downloads and browser-based attacks dominating in the first quarter of 2017.

It found that attackers were still exploiting the Android StageFright flaw which first gained notoriety in 2015.

Attackers were found to be taking a break from hacking during the holidays, with the overall threat volume decreasing 52% in Q1 2017 compared to Q4 2016.

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.