Cybersecurity company GeoEdge reports that it has found what it says is the first ad-based cybercrime aimed specifically at home-network based IoT devices.
Working with ad-tech partners InMobi and Verve Group since mid June, GeoEdge’s security team used behavioral code analysis technology and malware detection capabilities to identify a “widely-distributed attack vector” and its origins in Slovenia and Ukraine.
An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
Malvertising spreads malware through the injection of malicious code into online display ads via online advertising networks, exposing user networks and connected devices to the potential risk of infection.
Advertising networks are generally unaware they’re serving malicious content. In these new IoT-based instances, hackers were able to initiate attacks via home network-based IoT devices without even having to get users to click on an infected ad or navigate to a malicious page.
Once installed, the malware can manipulate IoT devices, download apps without users’ consent, and enable possible theft of personal information and monetary instruments, as well as tampering with home systems such as smart locks and surveillance cameras.
GeoEdge — which made a pitch for its own cybersecurity capabilities in announcing its uncovering of the new malvertising threat — says that anti-virus apps and firewalls are not sufficient to block these attacks: Infected ads must be continuously blocked in real time.
Market research firm IoT Analytics forecasts more than 30 billion IoT device connections worldwide by 2025, “making home and industrial IoT an extremely attractive and vulnerable frontier for malvertisers,” the company points out.