Exploring Shifting Patterns in Recent IoT Malware
| dc.contributor.author | Carrillo-Mondejar, Javier | |
| dc.contributor.author | Suarez-Tangil, Guillermo | |
| dc.contributor.author | Costin, Andrei | |
| dc.contributor.author | Rodríguez, Ricardo J. | |
| dc.contributor.editor | Lehto, Martti | |
| dc.contributor.editor | Karjalainen, Mika | |
| dc.date.accessioned | 2024-06-27T12:21:39Z | |
| dc.date.available | 2024-06-27T12:21:39Z | |
| dc.date.issued | 2024 | |
| dc.identifier.citation | Carrillo-Mondejar, J., Suarez-Tangil, G., Costin, A., & Rodríguez, R. J. (2024). Exploring Shifting Patterns in Recent IoT Malware. In M. Lehto, & M. Karjalainen (Eds.), <i>Proceedings of the 23rd European Conference on Cyber Warfare and Security</i> (23, pp. 96-106). Academic Conferences International Ltd. Proceedings of the European Conference on Cyber Warfare and Security. <a href="https://doi.org/10.34190/eccws.23.1.2280" target="_blank">https://doi.org/10.34190/eccws.23.1.2280</a> | |
| dc.identifier.other | CONVID_220856347 | |
| dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/96206 | |
| dc.description.abstract | The rise of malware targeting interconnected infrastructures has surged in recent years, driven largely by the widespread presence of vulnerable legacy IoT devices and inadequately secured networks. Despite the strong interest attackers have in targeting this infrastructure, a significant gap remains in understanding how the landscape has recently evolved. Addressing this knowledge gap is essential to thwarting the proliferation of massive botnets, thereby safeguarding end-users and preventing disruptions in critical infrastructures. This work offers a contemporary analysis of Linux-based malware, specifically tailored to IoT malware operating in 2021-2023. Using automated techniques involving both static and dynamic analysis, we classify malware into related threats. By scrutinizing the most recent dataset of Linux-based malware and comparing it to previous studies, we unveil distinctive insights into emerging trends, offering an unparalleled understanding of the evolving landscape. Although Mirai and Gafgyt remain the most prominent families and present a large number of variants, our results show that (i) there is an increase in the sophistication of malware, (ii) malware authors are adding new exploits to their arsenal, and (iii) malware families that originally attacked Windows systems have been adapted to attack Linux-based devices. | en |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | eng | |
| dc.publisher | Academic Conferences International Ltd | |
| dc.relation.ispartof | Proceedings of the 23rd European Conference on Cyber Warfare and Security | |
| dc.relation.ispartofseries | Proceedings of the European Conference on Cyber Warfare and Security | |
| dc.rights | CC BY-NC-ND 4.0 | |
| dc.subject.other | static analysis | |
| dc.subject.other | dynamic analysis | |
| dc.subject.other | malware IoT | |
| dc.subject.other | malware evolution | |
| dc.subject.other | malware lineage | |
| dc.title | Exploring Shifting Patterns in Recent IoT Malware | |
| dc.type | conferenceObject | |
| dc.identifier.urn | URN:NBN:fi:jyu-202406275048 | |
| dc.contributor.laitos | Informaatioteknologian tiedekunta | fi |
| dc.contributor.laitos | Faculty of Information Technology | en |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | |
| dc.type.coar | http://purl.org/coar/resource_type/c_5794 | |
| dc.description.reviewstatus | peerReviewed | |
| dc.format.pagerange | 96-106 | |
| dc.relation.issn | 2048-8602 | |
| dc.relation.numberinseries | 1 | |
| dc.relation.volume | 23 | |
| dc.type.version | publishedVersion | |
| dc.rights.copyright | © 2024 European Conference on Cyber Warfare and Security | |
| dc.rights.accesslevel | openAccess | fi |
| dc.relation.conference | European Conference on Cyber Warfare and Security | |
| dc.subject.yso | kyberturvallisuus | |
| dc.subject.yso | infrastruktuurit | |
| dc.subject.yso | haittaohjelmat | |
| dc.format.content | fulltext | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p26189 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p17539 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p2837 | |
| dc.rights.url | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
| dc.relation.doi | 10.34190/eccws.23.1.2280 | |
| jyx.fundinginformation | This research was supported in part by TED2021-132900A-I00 and by TED2021-131115A-I00, funded by MCIN/AEI/10.13039/501100011033, by the Recovery, Transformation and Resilience Plan funds, financed by the European Union (Next Generation), by the Spanish National Cybersecurity Institute (INCIBE) under Proyectos Estratégicos de Ciberseguridad -- CIBERSEGURIDAD EINA UNIZAR, and by the University, Industry and Innovation Department of the Aragonese Government under Programa de Proyectos Estratégicos de Grupos deInvestigación (DisCo research group, ref. T21-23R). G. Suarez-Tangil was appointed as 2019 Ramon y Cajal fellow (RYC-2020-029401-I) funded by MCIN/AEI/10.13039/501100011033 and ESF Investing in your future.(Part of) This work was supported by the European Commission under the Horizon Europe Programme, as part of the project LAZARUS (https://lazarus-he.eu/) (Grant Agreement no. 101070303). | |
| dc.type.okm | A4 |
Files in this item
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as CC BY-NC-ND 4.0