“Cry ‘Havoc’ and Let Loose the Thingbots of War!”
- by nlqip
On the shoulders of manufacturers lies the responsibility to address vulnerabilities, because the next generation of thingbots is taking advantage of known vulnerabilities to gain control of devices. Persirai is an adaptation of Mirai that shares code as well as command and control servers, but targets all models of IP cameras from a single Chinese manufacturer through a vulnerability released April 25, 2017. Two months later, over 600,000 cameras were known to be infected by Persirai. That’s an average of 10,000 devices per day infected. And it’s only one vulnerability. We know there are many more (thanks, Shodan) that haven’t been exploited. Yet.
But, like death and taxes, we’re certain many more devices will be infected. Given the historical behavior of manufacturers not addressing vulnerabilities, it’s unlikely they will change anytime soon. There’s nothing forcing them to do so, and they’ve already shown they aren’t willing to do so merely because it’s the right thing to do.
Faced with manufacturers who don’t seem to care any more than the organizations that deploy these devices, it’s not hard to empathize with the vigilantes employing thingbots to nip at the heels of the real enemy.
And they are only nipping at the heels of a much larger problem. There are millions of devices already infected. Based on our latest research, their efforts are not going to slow down the growth of thingbots. It’s debatable whether the black hats even notice that the devices taken out by the vigilantes are missing.
With billions of devices vulnerable and more on the way, the efforts of gray hats are not only illegal but likely ineffective—a drop in the bucket that fails to move the needle in an appreciable direction.
I can’t say it often enough that organizations need to be responsible for the things they attach to their networks, and manufacturers need to be held accountable for blatantly ignoring the need to patch vulnerabilities in their devices.
As always, if you’re attaching a thing to your network (whether at home or in the office) you absolutely need to:
- Change default passwords (prevention)
- Lock down Telnet and SSH access (prevention)
- Secure web interfaces by using a web application firewall (prevention)
Additionally, you may want to:
- Invest in an IoT gateway (prevention)
- Monitor for unusual intra-network traffic (detection)
- Watch for new initiators of outbound traffic (detection)
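The two detection items above can be checked against flow records. The sketch below is an added example, not code from the article or from F5 Labs. It assumes a hypothetical `(day, initiator, destination, port)` record format, a 10.0.0.0/8 internal range, and a fan-out threshold of three peers; all addresses are constructed.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: site address space
MGMT_PORTS = {22, 23, 2323}                    # SSH, Telnet, alternate Telnet

# Constructed flow records: (day, initiator, destination, destination port)
FLOWS = [
    (1, "10.0.1.10", "192.0.2.10", 443),     # workstation browsing
    (1, "10.0.1.11", "192.0.2.10", 443),
    (2, "10.0.1.10", "198.51.100.7", 443),
    (2, "10.0.5.20", "10.0.5.1", 53),        # camera: local DNS only
    (3, "10.0.1.10", "192.0.2.10", 443),
    (3, "10.0.5.20", "203.0.113.9", 8080),   # camera starts talking outbound
    (3, "10.0.5.20", "10.0.5.21", 23),       # camera tries Telnet on peers
    (3, "10.0.5.20", "10.0.5.22", 23),
    (3, "10.0.5.20", "10.0.5.23", 2323),
    (3, "10.0.1.11", "10.0.1.10", 22),       # one admin SSH session
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def analyze(flows, today, fanout_threshold=3):
    """Return (new outbound initiators, management-port fan-out hosts) for `today`."""
    baseline = set()                   # hosts seen initiating outbound before today
    outbound_today = defaultdict(set)  # initiator -> external (dst, port) pairs
    mgmt_peers = defaultdict(set)      # initiator -> internal peers hit on 22/23/2323
    for day, src, dst, port in flows:
        if not is_internal(src):
            continue
        if not is_internal(dst):
            if day < today:
                baseline.add(src)
            elif day == today:
                outbound_today[src].add((dst, port))
        elif day == today and port in MGMT_PORTS:
            mgmt_peers[src].add(dst)
    new_initiators = {s: sorted(d) for s, d in outbound_today.items() if s not in baseline}
    fanout = {s: sorted(p) for s, p in mgmt_peers.items() if len(p) >= fanout_threshold}
    return new_initiators, fanout

if __name__ == "__main__":
    new, fanout = analyze(FLOWS, today=3)
    for host, dests in new.items():
        print(f"new outbound initiator {host}: {dests}")
    for host, peers in fanout.items():
        print(f"intra-network Telnet/SSH fan-out from {host}: {peers}")
```

A single admin SSH session stays below the fan-out threshold, while a device that has never initiated outbound traffic is flagged on its first external connection.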
For more detail, see the full F5 Labs report, “The Hunt for IoT: The Rise of Thingbots.”