Researchers uncover thriving market for malware targeting IoT devices

September 26, 2023 12:35 pm | Updated 12:56 pm IST

Researchers on the dark web uncovered a thriving underground economy that is being used by hackers to launch attacks on IoT devices  

A thriving underground economy on the dark web offering exploits for zero-day vulnerabilities in IoT devices as well as IoT malware bundled with infrastructure and supporting utilities was uncovered by Kaspersky researchers.

The most notable service, in high demand amongst hackers, was found to be Distributed Denial of Service (DDoS) attacks orchestrated through IoT botnets.

Internet of Things or IoT devices are non–standard computing hardware used to extend internet connectivity beyond traditional internet devices. IoT devices include sensors, actuators, or appliances capable of connecting to the internet. These devices can be remotely monitored or controlled and are used in both industrial as well as end-consumer products including mobile devices, industrial equipment, and medical devices.

ALSO READ

How cybersecurity firms are using AI to mitigate online threats 

While the primary method of infecting IoT devices was found to be brute-forcing weak passwords, which has been the preferred method for some time, exploiting vulnerabilities in network services was also found to be a popular method of compromising the security of IoT devices.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

IoT devices were also found to be facing vulnerabilities due to exploits in the services they use. These attacks often involve the execution of malicious commands by exploiting vulnerabilities in IoT web interfaces, resulting in significant consequences, such as the spread of malware.

The research also revealed that the cost of these services varies depending on factors like DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side, ranging from $20 per day to $10,000 per month.

“On average, the ads offered these services at $63.5 per day or $1350 per month,” Kaspersky said in a release.

“Kaspersky urges vendors to prioritize cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities,” Yaroslav Shmelev, a security expert at Kaspersky said.