A new malware has infected roughly 13,500 Internet of Things (IoT) devices like Android TVs in 84 countries, chiefly in Asia, and that number continues to grow, US-based cyber security firm Barracuda Network said on Thursday.
Busy building a botnet for a big scale attack, a new variant of the InterPlanetary Storm malware is targeting IoT devices such as TVs that run on Android operating systems and Linux-based machines, such as routers with ill-configured SSH (secure shell) service.
“While the botnet that this malware is building does not have clear functionality yet, it gives the campaign operators a backdoor into the infected devices so they can later be used for cryptomining, DDoS, or other large-scale attacks,” warned Murali Urs, Country Manager-India, Barracuda Networks.
Although many cases of the new variant have been reported from Asian countries like China, Hong Kong, South Korea, and Taiwan, “Indian IoT devices haven’t been much in the radar of the cybercriminal organisations,” he added.
The malware has already been targeting Mac and Android devices in addition to Windows and Linux machines.
The first variant of Interplanetary Storm, which targeted Windows machines, was uncovered in May last year.
Its capability of attacking Linux machines was reported in June this year.
Barracuda researchers found several unique features designed by the cybercriminal organisation to help the malware persist and protect it once it has infected a machine.
It detects the computer security mechanism, honeypots, auto updates itself, tries to persist itself by installing a service using a “Go daemon” package and also kills other processes on the machine that pose a threat to the malware, such as debuggers and competing malware.
Such a rapidly evolving threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway.
“To safeguard IoT devices against this malware variant, it will be necessary to properly configure SSH access on all devices. This means using keys instead of passwords, which will make access more secure,” the researchers noted.
When password login is enabled and the service itself is accessible, the malware can exploit the ill-configured attack surface.
“Since the issue is common with routers and IoT devices, they become easy targets for the InterPlanetary Storm malware”.
Meanwhile, to monitor SSH access control, a cloud security posture management tool must be used that will eliminate any configuration mistakes, which can be catastrophic, the researchers said.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]