In previous research from the Vectra Threat Labs, we learned that seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things (IoT). IoT is the unattended attack surface, and more IoT devices mean bigger clone armies.
The recent public release of source code for malware named "Mirai" has proven exactly that. Mirai continuously scans the Internet for IoT devices, primarily CCTV and DVRs, that still use factory default usernames and passwords.
This attack vector has proven highly successful. Over the last few months, there has been an alarming increase in denial-of-service attacks launched from variations of IoT-powered Mirai botnets. And Mirai is not the only IoT botnet. There are others. All doing the same thing. All those new smart TVs, cameras, door locks, and maybe even a fridge or two, are going to be the gifts that keep on giving to attackers.
In addition to default usernames and passwords, most IoT devices are shipped to consumers and enterprises with out-of-date, insecure software that is never updated by manufacturers. IoT devices are also trivial to access, and no regulations or guiding principles mandate how secure they should be. Vectra Threat Labs published research on how a consumer-grade webcam can be turned into a backdoor to gain entry into the network it's connected to.
Yet the demand for IoT devices continues to grow. Businesses that roll out networked devices should be aware that if these devices communicate out to the Internet, they are all susceptible to remote attackers who will load malicious software on them.
As recent threat activities show, IoT attacks are real and here for the long term. Large-scale DDoS attacks are difficult to combat for even the largest, most prepared businesses. It is important to be a good Internet citizen (change those passwords!), but more importantly, don't fall victim to your own camera.
An even greater danger is when IoT devices start snooping around corporate networks while we're home for the holidays. But there's good news, too. Customers who rely on Vectra for automated threat hunting can detect attacker behaviors and remediate active threats before they do damage.