Just a year after the Mirai botnet showed how much destruction can be done when unsecured IoT devices are exploited, a new threat has emerged that looks to dwarf its predecessor's wake.
Nicknamed the seemingly non-ominous IoTroop, the massive botnet has already grown larger and at a more rapid pace than Mirai, which in October 2016 caused massive slowdowns throughout the globe as the result of a DDoS attack. Exploiting security flaws in connected devices such as IP cameras, routers and DVRs, Mirai flooded DNS service Dyn with lookup requests, causing outages and slowdowns in sites and services throughout North America and Europe.
While there was little lasting damage from Mirai and companies were able to recover relatively quickly, there is an air of uncertainty around IoTroop. Since its discovery in September 2017, experts have watched the gathering storm of millions of connected devices sit idle as the bot spreads. What is known is that more than twelve manufacturers have devices that are vulnerable, and more than 60 percent of companies have at least one device on their network that is susceptible. Unlike Mirai, the bot exploits nine core vulnerabilities as it spreads, and already, experts say those responsible for the bot - who remain unknown - have added more than 100 features to it.
It remains to be seen what, if anything, the gathering storm of infected devices may be used for. However, whether it is another DDoS attack like Mirai or something much more destructive, companies everywhere need to take extra precautions, especially as IoT devices become more and more pervasive throughout networks. From routine network security maintenance to long term IT planning, smart companies need to take critical steps to protect devices from emerging threats like IoTroop.
1. Stay current
It might seem basic, but IT professionals must have visibility into all devices on their network. Companies can start to protect themselves by auditing the network and building a list of every device on it.
Once there is a clear picture of every device currently on a network, each one should be updated and patched so it is running the most up-to-date software. This is key, especially since keeping connected devices on current software is not nearly as clear-cut and easy as it is for traditional PCs. Connected device makers are not consistent or clear in communicating with their users about updates and threats, so the onus is on IT departments to be proactive about staying current and secure.
2. Go beyond the basics
There are lessons to be learned from Mirai, which used relatively simple exploits to cause a global Internet slowdown. The bot was able to reach as far as it did because so many Internet-accessible devices were set up with default credentials that were never changed. This should never be the case, even in the absence of the looming IoTroop threat. Devices that use default credentials aren't just vulnerable to large bots, but to hackers who could be looking to specifically target a company or service. Focusing on the basics, such as secure passwords, can significantly reduce the chance of a network breach.
3. Know your vendors
Connected devices aren't just deployed by in-house IT departments. Often, outside vendors are installing devices on a network, for systems ranging from point of sale to HVAC. It is imperative to know where these devices are, which networks they have access to, and how to keep them up to date. Leaving these maintenance functions to the vendor runs the risk of a lapse in security. Because of this, businesses must carefully vet any vendor that will be installing hardware with access to their networks, and make sure they have a solid, trusted reputation.
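The three steps above (inventory and patch level, default credentials, vendor-installed hardware) can be turned into a repeatable audit. The script below is an added example, not code from the article or from SPR; every device record, MAC prefix, vendor name, firmware version, factory-default login and installer name in it is constructed for illustration, and a real audit would draw on the IEEE OUI registry, vendor release notes and the organisation's own approved-vendor list instead of the small tables here.

```python
"""Added example: a small IoT inventory audit applying the article's three steps.
All data below is constructed; nothing in it describes a real device or vendor."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed OUI (first three MAC octets) -> vendor map. Placeholder values.
OUI_VENDOR = {
    "00:11:22": "ExampleCam",
    "AA:BB:CC": "ExampleRouter",
}

# Constructed "latest known firmware" per vendor (step 1) and the factory
# default admin login each vendor ships with (step 2). Placeholder values.
LATEST_FIRMWARE = {"ExampleCam": (2, 4, 1), "ExampleRouter": (1, 9, 0)}
FACTORY_DEFAULTS = {"ExampleCam": ("admin", "admin"), "ExampleRouter": ("admin", "password")}

# Constructed list of parties approved to install hardware on this network (step 3).
APPROVED_INSTALLERS = {"in-house", "HVAC Contractor Ltd"}

# Constructed inventory export, one device per line:
# mac,ip,firmware,admin_user,admin_password,installed_by
INVENTORY_CSV = """\
00:11:22:33:44:55,10.0.1.10,2.4.1,secops,Str0ng-Unique-Passphrase,in-house
00:11:22:33:44:66,10.0.1.11,2.1.0,admin,admin,HVAC Contractor Ltd
AA:BB:CC:00:00:01,10.0.1.1,1.9.0,netops,Another-Long-Passphrase,in-house
DE:AD:BE:EF:00:01,10.0.1.50,0.1,root,root,unknown
"""

MIN_PASSWORD_LEN = 12  # constructed policy threshold


@dataclass
class Device:
    mac: str
    ip: str
    firmware: str
    admin_user: str
    admin_password: str
    installer: str
    issues: List[str] = field(default_factory=list)


def parse_version(text: str) -> tuple:
    """'2.4.1' -> (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def vendor_for(mac: str):
    """Look the device's vendor up by its OUI prefix; None if unknown."""
    return OUI_VENDOR.get(mac[:8].upper())


def audit(inventory_csv: str) -> Dict[str, List[str]]:
    """Return a mapping of MAC -> list of findings (empty list means clean)."""
    results: Dict[str, List[str]] = {}
    for line in inventory_csv.strip().splitlines():
        mac, ip, fw, user, pw, installer = [f.strip() for f in line.split(",")]
        dev = Device(mac, ip, fw, user, pw, installer)
        vendor = vendor_for(mac)

        if vendor is None:
            # Step 1: a device we cannot even attribute to a vendor is an inventory gap.
            dev.issues.append("unknown vendor (OUI not in table): identify this device")
            default_creds = False
        else:
            latest = LATEST_FIRMWARE[vendor]
            if parse_version(fw) < latest:
                dev.issues.append(
                    f"firmware {fw} behind latest {'.'.join(map(str, latest))}"
                )
            default_creds = (user, pw) == FACTORY_DEFAULTS[vendor]
            if default_creds:
                dev.issues.append("factory default credentials still set")

        # Step 2: generic password hygiene, applied when not already a known default.
        if not default_creds and (pw == user or len(pw) < MIN_PASSWORD_LEN):
            dev.issues.append("weak admin password (matches username or too short)")

        # Step 3: hardware installed by a party that was never vetted.
        if installer not in APPROVED_INSTALLERS:
            dev.issues.append(f"installer '{installer}' not on approved-vendor list")

        results[mac] = dev.issues
    return results


if __name__ == "__main__":
    for mac, issues in audit(INVENTORY_CSV).items():
        status = "OK" if not issues else "; ".join(issues)
        print(f"{mac}: {status}")
```

Running it prints one line per device; only devices whose issues list is empty pass. The version comparison is done on integer tuples deliberately, since comparing "2.10.0" with "2.4.1" as strings gives the wrong answer, and a device with an unrecognised OUI is reported as a finding in its own right rather than silently skipped, because an inventory that cannot name the device is exactly the gap step 1 is meant to close.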
The bottom line
Whether it is IoTroop or the next threat, those responsible for network security need to constantly be vigilant for threats. Learning about a new exploit or attack while it is happening is too late and an entire operation could be at risk. While the lasting damage from a botnet like Mirai was relatively minor, the negative press and loss of customer trust caused major strain for affected companies.
At the end of the day, companies must ensure networks aren't a sitting duck for large and increasingly sophisticated attacks. Typically, hackers learn about vulnerabilities at the same time as everyone else, which is why businesses need to be committed to keeping their networks up-to-date. It is not a question of if the next big attack is coming, it is a question of when the attack is coming.
Contributed by Matthew Mead, CTO of SPR
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.