Wednesday, 05 July 2017 09:13

Threats to Linux IoT devices on the rise


Malware detected by the security firm WatchGuard Technologies in the first quarter of 2017 indicated that there is a sharp rise in Linux threats directed against IoT devices.

The company's research, issued under the name Internet Security Report, looked at what was detected by installations of its software. It found that about 36% of the malware detected consisted of these Linux threats.

Many of these devices, which often use old versions of Linux, have a default username and password which users often do not bother to change. Logging in with these credentials — which are easy to find on the Web — gives root access to the device in question.

Corey Nachreiner, WatchGuard's chief technology officer, told iTWire that many of the Linux IoT infections started simply with someone scanning the Internet for devices listening on telnet or SSH ports.

"Then they try to brute force a user credential, or use default passwords. If they can brute force a Linux credential, then the automated attack usually just logs into the Linux device and then runs a script to wget a bunch of files, which are Linux tools and trojans," he said. Wget is a popular command-line program used to download files on Linux systems.

"In this scenario, that wget request would generate a Web request to download a file, and that's often how our gateway anti-virus would encounter those samples above and block them via HTTP."
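For defenders, the sequence described above (repeated credential guesses followed by a successful login) is visible in a device's own SSH log. The following is an added example, not taken from WatchGuard's report or from iTWire; it assumes OpenSSH's standard syslog message format and covers SSH only, and the log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format; addresses are documentation ranges.
SAMPLE_LOG = """\
Jul  5 09:00:01 cam1 sshd[811]: Failed password for root from 203.0.113.7 port 40110 ssh2
Jul  5 09:00:03 cam1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jul  5 09:00:05 cam1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jul  5 09:00:06 cam1 sshd[812]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jul  5 09:00:09 cam1 sshd[812]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Jul  5 09:00:11 cam1 sshd[813]: Accepted password for root from 203.0.113.7 port 40116 ssh2
Jul  5 09:00:20 cam1 sshd[814]: Failed password for invalid user support from 192.0.2.99 port 33001 ssh2
Jul  5 09:00:21 cam1 sshd[814]: Failed password for invalid user guest from 192.0.2.99 port 33002 ssh2
Jul  5 09:00:22 cam1 sshd[814]: Failed password for root from 192.0.2.99 port 33003 ssh2
"""

# Greedy (.*) binds to the LAST " from <ip> port", so a username crafted to
# contain " from 10.0.0.1 port 1 ssh2" cannot spoof the source address.
EVENT = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for "
                   r"(?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def analyze(log_text, threshold=3):
    """Return (guessed, still_guessing).

    guessed: (ip, user, failures) for each password login preceded by at
    least `threshold` failures from the same address.
    still_guessing: addresses with >= threshold failures and no login yet.
    """
    failures = defaultdict(int)
    guessed = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        status, user, ip = m.groups()
        if status == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= threshold:
            guessed.append((ip, user, failures[ip]))
        failures[ip] = 0  # a legitimate typo-then-login resets the count
    still_guessing = sorted(ip for ip, n in failures.items() if n >= threshold)
    return guessed, still_guessing

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A hit in the first list is a device to treat as compromised and inspect for downloaded files; the second list is a candidate set for blocking or rate limiting.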

Nachreiner said there were remote Linux vulnerabilities that attackers could use to gain control of a Linux system, and then leverage that control to download malware.

"There are other simple attacks (brute-forcing weak SSH credentials) that could allow an attacker to gain local access to a Linux machine, and then try to download his malware. Then there are many Web and email phishing or social engineering techniques, that could try to get a user to unknowingly download malware.

"With our GAV statistics, we can't say which of these the attacker is doing, but we can say that these Linux threats attempted to get to a device over the Web, and were blocked."

WatchGuard said its report was based on anonymised Firebox Feed data from more than 26,500 active WatchGuard UTM appliances worldwide, representing a small portion of its overall install base.

Among the report's other findings was that legacy anti-virus programs were failing to detect new malware at a higher rate. AV solutions had missed 38% of the total threats which WatchGuard's products detected in Q1, compared to 30% in Q4 2016, the company claimed.

The report also said that the cyber security battleground was shifting toward Web servers, with drive-by downloads and browser-based attacks dominating in the first quarter of 2017.

It found that attackers were still exploiting the Android StageFright flaw which first gained notoriety in 2015.

Attackers were found to be taking a break from hacking during the holidays, with the overall threat volume decreasing 52% in Q1 2017 compared to Q4 2016.


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
