IoT malware ecosystem in the wild: A glimpse into analysis and exposures

Jinchun Choi, Jeffrey Spaulding, Afsah Anwar, Dae Hun Nyang, Hisham Alasmary, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

5 Scopus citations

Abstract

The lack of security measures among the Internet of Things (IoT) devices and their persistent online connection give adversaries a prime opportunity to target them or even abuse them as intermediary targets in larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware and focus on the endpoints reachable on the public Internet, and play an essential part in the IoT malware ecosystem. Namely, we analyze endpoints acting as dropzones and their targets to gain insights into the underlying dynamics in this ecosystem, such as the affinity between the dropzones and their target IP addresses, and the different patterns among endpoints. Towards this goal, we reverse-engineer 2,423 IoT malware samples and extract strings from them to obtain IP addresses. We further gather information about these endpoints from public Internet-wide scanners, such as Shodan and Censys. For the masked IP addresses, we examine the Classless Inter-Domain Routing (CIDR) networks accumulating to more than 100 million (≈78.2% of total active public IPv4 addresses) endpoints.

Original languageEnglish
Title of host publicationProceedings of the 4th ACM/IEEE Symposium on Edge Computing, SEC 2019
PublisherAssociation for Computing Machinery, Inc
Pages413-418
Number of pages6
ISBN (Electronic)9781450367332
DOIs
StatePublished - 7 Nov 2019
Event4th ACM/IEEE Symposium on Edge Computing, SEC 2019 - Arlington, United States
Duration: 7 Nov 20199 Nov 2019

Publication series

NameProceedings of the 4th ACM/IEEE Symposium on Edge Computing, SEC 2019

Conference

Conference4th ACM/IEEE Symposium on Edge Computing, SEC 2019
Country/TerritoryUnited States
CityArlington
Period7/11/199/11/19

Keywords

  • Endpoints
  • Internet of Things
  • Malware

Fingerprint

Dive into the research topics of 'IoT malware ecosystem in the wild: A glimpse into analysis and exposures'. Together they form a unique fingerprint.

Cite this