Attackers Exploit Weak IoT Security
While the Internet of Things is touted for facilitating all sorts of life-changing services, there's been an undercurrent of anxiety among the more security-conscious IT pros. Their concern: All those smart devices, oftentimes built with default passwords and otherwise poor protection, could put networks and users at risk. Now it's clear those fears were warranted.
Recent events have put the spotlight on IoT security – or to be more precise, IoT insecurity. Malware has surfaced that allows attackers to create botnets from vulnerable IoT devices and launch distributed denial-of-service attacks. For example, Mirai was used in last month's high-profile DDoS attack on the KrebsOnSecurity website.
In September, Symantec reported that cybercriminals are taking advantage of poor IoT security to hijack home networks and consumer devices and carry out DDoS attacks, most often against large companies.
"Poor security on many IoT devices makes them soft targets and often victims may not even know they have been infected," Symantec researchers wrote in a blog post. "Attackers are now highly aware of lax IoT security and many pre-program their malware with commonly used and default passwords."
On Wednesday, Akamai said its researchers tracked a recent spate of attacks in which criminals are using vulnerable IoT devices as proxies to route malicious traffic. Attackers are exploiting a 12-year-old vulnerability in OpenSSH – an encryption tool used for remote login – in IoT devices to remotely generate attack traffic, according to Akamai.
"We would like to emphasize that this is not a new type of vulnerability or attack technique, but rather a weakness in many default configurations of Internet-connected devices," wrote Ezra Caltum, Akamai senior security research team leader, and Ory Segal, Akamai senior director of threat research.
They reported seeing SSHowDowN proxy attacks from video surveillance devices, satellite antenna equipment, networking devices such as routers and cable modems, and Internet-connected network-attached storage devices. Cybercriminals are using the compromised devices to launch attacks against internet-facing services such as HTTP and SMTP as well as internal networks hosting the IoT devices.
"We're entering a very interesting time when it comes to DDoS and other web attacks; 'The Internet of Unpatchable Things' so to speak," Eric Kobrin, director of information security at Akamai, said in a prepared statement. "New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We've been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality."
Akamai offered several mitigation measures, including changing the SSH password or keys on the device so they're different than the vendor defaults, although the company noted that often isn't possible with most IoT devices. Disabling SSH entirely via the device's administration console is another option, according to Akamai. If the device is behind a firewall, companies can consider restricting outbound connections from IoT devices to the minimal set of ports and IP addresses required for their operation.
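One way to check that the egress restriction described above is actually holding is to compare firewall flow records against a per-device allowlist. The sketch below is an added example, not code from Akamai or from this article; the device addresses, allowlist entries, internal ranges and flow records are all constructed for illustration.

```python
import ipaddress

# Site-internal ranges (assumption: RFC 1918 space; adjust to the real network).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed allowlist: the only (destination IP, port) pairs each device needs.
ALLOWLIST = {
    "10.20.0.11": {("203.0.113.10", 443), ("10.20.0.1", 123)},  # camera: vendor cloud, NTP
    "10.20.0.12": {("10.20.0.5", 514)},                          # NAS: syslog collector
}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.11", "203.0.113.10", 443),  # allowed
    ("10.20.0.11", "198.51.100.7", 80),   # web service on the internet
    ("10.20.0.11", "192.0.2.25", 25),     # mail server on the internet
    ("10.20.0.12", "10.20.0.5", 514),     # allowed
    ("10.20.0.12", "10.30.4.8", 22),      # host on the internal network
    ("10.20.0.50", "198.51.100.7", 443),  # workstation, not a tracked IoT device
]

def classify(dst, dport):
    """Label an unexpected destination by the target types the article names."""
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in INTERNAL_NETS):
        return "internal-host"
    if dport in (80, 443, 8080):
        return "external-http"
    if dport in (25, 465, 587):
        return "external-smtp"
    return "external-other"

def audit_egress(flows, allowlist):
    """Return flows from listed IoT devices that fall outside their allowlist."""
    findings = []
    for src, dst, dport in flows:
        allowed = allowlist.get(src)
        if allowed is None:          # source is not a tracked IoT device
            continue
        if (dst, dport) not in allowed:
            findings.append((src, dst, dport, classify(dst, dport)))
    return findings

if __name__ == "__main__":
    for finding in audit_egress(SAMPLE_FLOWS, ALLOWLIST):
        print("unexpected egress:", finding)
```

Any finding means either the firewall rule set is broader than the allowlist or the allowlist is missing a destination the device legitimately needs; both are worth resolving before treating the device as contained.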
In an effort to nip additional IoT security problems in the bud, the Cloud Security Alliance last week issued guidance for secure IoT product development. The report, "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products," is designed to help developers of IoT products and services understand basic security measures.