As the Internet of Things (IoT) has become truly ubiquitous, so has the surrounding threat landscape. However, while the security of classical computing systems has significantly matured in the last decades, IoT cybersecurity is still typically low or fully neglected. This paper provides a classification of IoT malware. Major targets and used exploits for attacks are identified and referred to the specific malware. The lack of standard definitions of IoT devices and, therefore, security goals has been identified during this research as a profound barrier in advancing IoT cybersecurity. Furthermore, standardized reporting of IoT malware by trustworthy sources is required in the field. The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.

翻译：随着物联网（IoT）真正普及，其周边的安全威胁环境也日益复杂。然而，尽管经典计算系统的安全性在过去几十年中已显著成熟，物联网的网络安全水平通常仍然较低或完全被忽视。本文对物联网恶意软件进行了分类，识别了主要攻击目标及所利用的漏洞，并将其与特定恶意软件相关联。本研究发现，物联网设备缺乏统一定义以及由此导致的安防目标不明，是阻碍物联网网络安全发展的根本障碍。此外，该领域亟需可信来源对物联网恶意软件进行标准化报告。当前多数物联网攻击仍属于投入较低、复杂度有限的类型，现有技术手段即可加以缓解。