In previous research from the Vectra Threat Labs, we learned that seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things (IoT). IoT is the unattended attack surface, and more IoT devices means bigger clone armies.
The recent public release of source code for malware named "Mirai" has proven exactly that. Mirai continuously scans the Internet for IoT devices using factory default usernames and passwords, primarily CCTV and DVRs.
The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren’t probing your network, then they’re diligently recording and cataloguing everything they’ve found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other.
Why do this?
Reports of successful hacks against Internet of Things (IoT) devices have been on the rise. Most of these efforts have involved demonstrating how to gain access to such a device or to break through its security barrier. Most of these attacks are considered relatively inconsequential because the devices themselves contain no real data of value (such as credit card numbers or PII). The devices in question generally don't provide much value to a botnet owner as they tend to have access to lots bandwidth, but have very little in terms of CPU and RAM.
Researchers from Vectra Threat Labs recently performed an in-depth analysis of vulnerabilities found in a common Belkin wireless repeater. Today in an article on Dark Reading, Vectra CTO Oliver Tavakoli digs into why seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things (IoT). Read the full article here.
Of particular importance to security teams, IoT is not only bringing far more devices into the network, but they are also devices that very rarely get patches and updates. This means that vulnerabilities can be left unaddressed for months or even years. Likewise, these devices are unlikely to be protected by signatures and will almost assuredly be unable to run client-based security.