Threats to Linux IoT devices on the rise

Malware detected by the security firm WatchGuard Technologies in the first quarter of 2017 indicated that there is a sharp rise in Linux threats directed against IoT devices.

The company's research, issued under the name Internet Security Report, looked at what was detected by installations of its software. It found that about 36% of the malware detected consisted of these Linux threats.

Many of these devices, which often use old versions of Linux, have a default username and password which users often do not bother to change. Logging in with these credentials — which are easy to find on the Web — gives root access to the device in question.

Corey Nachreiner, WatchGuard's chief technology officer, told iTWire that many of the Linux IoT infections started just as someone scanning the Internet for devices listening on telnet or SSH ports.

"Then they try to brute force a user credential, or use default passwords. If they can brute force a Linux credential, then the automated attack usually just logs into the Linux device and then runs a script to wget a bunch of files, which are Linux tools and trojans," he said. Wget is a popular command-line program used to download files on Linux systems.

"In this scenario, that wget request would generate a Web request to download a file, and that's often how our gateway anti-virus would encounter those samples above and block them via HTTP."

Nachreiner said there were remote Linux vulnerabilities that attackers could use to gain control of a Linux system, and then leverage that control to download malware.

"There are other simple attacks (brute-forcing weak SSH credentials) that could allow an attacker to gain local access to a Linux machine, and then try to download his malware. Then there are many Web and email phishing or social engineering techniques, that could try to get a user to unknowingly download malware.

"With our GAV statistics, we can't say which of these the attacker is doing, but we can say that these Linux threats attempted to get to a device over the Web, and were blocked."
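As an added example (not from WatchGuard's report or tooling), the sketch below turns the chain Nachreiner describes, repeated failed SSH logins, a successful login, then a wget download seen at the gateway, into detection logic. The log lines, hostnames, gateway log format and thresholds are all constructed assumptions; only the sshd message wording follows OpenSSH's usual syslog output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data (not from the report). sshd lines use OpenSSH's usual
# wording; the gateway log format and ISO timestamps are hypothetical.
AUTH_LOG = """\
2017-03-01T02:10:01 cam01 sshd[811]: Failed password for root from 198.51.100.7 port 40112 ssh2
2017-03-01T02:10:03 cam01 sshd[811]: Failed password for root from 198.51.100.7 port 40114 ssh2
2017-03-01T02:10:05 cam01 sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 40116 ssh2
2017-03-01T02:10:08 cam01 sshd[811]: Accepted password for root from 198.51.100.7 port 40120 ssh2
2017-03-01T09:00:00 nas01 sshd[402]: Accepted password for backup from 192.0.2.10 port 51000 ssh2
"""
GATEWAY_LOG = """\
2017-03-01T02:10:20 src=cam01 method=GET url=http://example.invalid/a.sh ua="Wget/1.16"
2017-03-01T09:30:00 src=nas01 method=GET url=http://example.invalid/pkg.tgz ua="Wget/1.16"
"""

SSH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")
GW_RE = re.compile(r'^(\S+) src=(\S+) method=\S+ url=(\S+) ua="([^"]*)"')

def find_compromises(auth_log, min_failures=3):
    """Logins preceded by >= min_failures failed attempts from the same IP (count is cumulative)."""
    failures, hits = {}, []
    for line in auth_log.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        ts, host, result, user, ip = m.groups()
        key = (host, ip)
        if result == "Failed":
            failures[key] = failures.get(key, 0) + 1
        elif failures.get(key, 0) >= min_failures:
            hits.append((host, ip, user, datetime.fromisoformat(ts)))
            failures[key] = 0  # reset so one brute-force run yields one hit
    return hits

def correlate_downloads(hits, gateway_log, window=timedelta(minutes=5)):
    """Pair each suspicious login with Wget requests from that host inside the window."""
    alerts = []
    for line in gateway_log.splitlines():
        m = GW_RE.match(line)
        if not m or not m.group(4).startswith("Wget/"):
            continue
        ts, url = datetime.fromisoformat(m.group(1)), m.group(3)
        for host, ip, user, login in hits:
            if host == m.group(2) and timedelta(0) <= ts - login <= window:
                alerts.append({"host": host, "attacker": ip, "user": user, "url": url})
    return alerts
```

On the sample data only `cam01` is flagged: the `nas01` login has no preceding failures, so its later wget request is treated as routine.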

WatchGuard said its report was based on anonymised Firebox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide, representing a small portion of its overall install base.

Among the report's other findings, legacy anti-virus programs were failing to detect new malware at a higher rate. AV solutions had missed 38% of the total threats which WatchGuard's products detected in Q1, compared to 30% in Q4 2016, the company claimed.

The report also said that the cyber security battleground was shifting toward Web servers, with drive-by downloads and browser-based attacks dominating in the first quarter of 2017.

It found that attackers were still exploiting the Android StageFright flaw which first gained notoriety in 2015.

Attackers were found to be taking a break from hacking during the holidays, with the overall threat volume decreasing 52% in Q1 2017 compared to Q4 2016.

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
