Skip to main content


Kaspersky Internet of Things Threat Data Feed provides reliable, detailed and frequently updated intelligence about the newest threats affecting Internet of Things (IoT) products and devices.

Today there are literally hundreds of thousands of Internet of Things (IoT) devices readily available to the customers. These include security cameras, smart home and smart speaker systems, smart toys and baby monitors, drones, home appliances, routers and web gateways, and basically any other hardware products which can transmit data and be controlled over the Internet.

The majority of these devices are usually quite cheap, mass market oriented, with little to no attention paid to access control and data protection. Therefore, they immediately become a prime target for unscrupulous crooks who are all too eager to exploit their vulnerabilities – and either co-opt them into a botnet or use them to spy on their owners (or, indeed, both). This makes securing such devices an absolute necessity. Furthermore, as the number of IoT devices on the market is currently growing exponentially, this necessity becomes more urgent with each passing month.

Forrester's 2017 Global Business Technographics Security Survey revealed that, even as far back as in 2017, most enterprises were concerned about security vulnerabilities in IoT products they sell. Banks & Finance, Wholesale, Grocery, Technics, Fashion Retailers, Energy and Automation (IoT) showed the highest levels of concerns. On average, 20% of the enterprises were planning to adopt IoT security within the following 12 months, with this figure reaching 32% for the industrial segment.

To address the increased need for IoT protection, Kaspersky Lab has released a new intelligence data feed – the one specifically collecting the data on IoT threats. The current feed statistics are as follows:

  • Number of records - ~8K (accurate as of today).
  • What types of malware does the IoT feed cover:

    • Linux ELF files for x86 and x64
    • Linux ELF files for ARM Little endian
    • Linux ELF files for ARM Big endian
    • Linux ELF files for MIPS
    • Linux ELF files for PowerPC
    • Platform depending and independent scripts
    • Other executable files
  • Update Frequency – every hour.
  • Data are based on 180-day historical statistic.

Kaspersky Lab uses a set of honeypots and other traps simulating unprotected IoT devices, as well as its own research and analytics facilities, to collect IoT threats soon after they appear in the file.

The feed contains the following information for each threat:

  • Id – unique record identifier.
  • Mask – mask that matches the websites that were used to download malware that infects IoT devices.
  • Type – threat type.
  • Protocol – ways that were used to download the malware (e.g., HTTP, HTTPS, FTP, SFTP, and so on).
  • Port – server ports that were used to download malware.
  • first_seen and last_seen – date range when the threat was detected
  • Popularity – how often this URL has been used to infect IoT devices.
  • Geo – top 100 countries from where the attacks were initiated.
  • IP – top 100 IP addresses of computers that were used to launch malware on IoT devices.
  • Files – hashes and names of the files that attackers attempt to launch from the URL (covered by the mask) on IoT devices.

These features make Kaspersky IoT Threats Data Feed a perfect choice for implementation inside routers, web gateways, smart home systems and individual IoT products as well as a valuable part of all-around Threat Intelligence solutions.

If you wish to know more, please click the CONTACT US button below and indicate that you require more information about Kaspersky IoT Threats Data Feed, and our representative will get in touch with you shortly.