# Analyzing Endpoints in the Internet of Things Malware

**Authors:** Jinchun Choi, Afsah Anwar, Hisham Alasmary, Jeffrey Spaulding, DaeHun, Nyang, Aziz Mohaisen

arXiv: 1902.03531 · 2019-02-12

## TL;DR

This paper conducts a detailed analysis of IoT malware endpoints by reverse-engineering samples and leveraging Internet-wide scanner data to understand attack patterns and device vulnerabilities.

## Contribution

It introduces a comprehensive data-driven approach to analyze IoT malware endpoints and their relationships with target IPs and dropzones.

## Key findings

- Identified patterns in dropzone-target relationships.
- Mapped attack surface of IoT devices.
- Enhanced understanding of IoT malware infrastructure.

## Abstract

The lack of security measures in the Internet of Things (IoT) devices and their persistent online connectivity give adversaries an opportunity to target them or abuse them as intermediary targets for larger attacks such as distributed denial-of-service (DDoS) campaigns. In this paper, we analyze IoT malware with a focus on endpoints to understand the affinity between the dropzones and their target IP addresses, and to understand the different patterns among them. Towards this goal, we reverse-engineer 2,423 IoT malware samples to obtain IP addresses. We further augment additional information about the endpoints from Internet-wide scanners, including Shodan and Censys. We then perform a deep data-driven analysis of the dropzones and their target IP addresses and further examine the attack surface of the target device space.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.03531/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/1902.03531/full.md

---
Source: https://tomesphere.com/paper/1902.03531