More malware strains in H1 than all of last year bodes poorly for IoT

Dive Brief:

There were nearly four times as many strains of malware targeting smart devices in the first half of 2018 as there were in all of 2017, according to a Kaspersky Lab report. Last year had 10 times as many samples as 2016; if the pattern continues, it "doesn't bode well for the years ahead."
The Mirai family remains the preferred choice of hackers looking to infiltrate internet of things devices, accounting for almost 16% of attacks, while cracking Telnet passwords was the most popular attack and infection vector, making up just over 75% of attacks on Kaspersky's decoy computers. Many devices do not support Telnet password protocols though, so with password bruteforce attacks rendered somewhat less effective, more "alternative technology" is being used, such as the Reaper botnet that uses known software vulnerabilities.
To minimize infection risks, Kaspersky Lab recommended not connecting devices from an outside network unless necessary, periodically rebooting, regularly updates and checks for firmware, changing default passwords to complex ones and disabling unused ports.

Number of malware samples for IoT devices in Kaspersky Lab's collection, 2016-2018.

Kaspersky Lab

Dive Insight:

The internet of things is expected to add $11 trillion to the global economy by 2025, according to the Information Technology and Innovation Foundation (ITIF), but a piece of this impact may be offset by cybersecurity exploits.

Security in connected devices is often addressed as an afterthought, and a lack of incentive mechanisms often means users don't follow regular security updates or best practices.

A lack of cybersecurity policies in IoT devices also means there are "weak market signals to reward companies for investing in cybersecurity or to help more secure products to gain market share," according to ITIF. But if companies had to disclose security policies, there could be more competitive interest among device makers and providers and more transparency for customers.

Cybersecurity experts have been expecting threats to get worse in 2018, with email, internet of things and mobile devices pinpointed as the most threatening attack vectors for business. But for many industries where connected devices and sensors are expected to make the biggest impact, such as manufacturing and industry, cybersecurity talent shortages remain a thorn in the side of technology leaders.