Problem solve Get help with specific problems with your technologies, process and projects.

Botnets, ransomware and IoT viruses: Do they make you WannaCry?

The recent WannaCry computer virus may have been an eye-opener for many, but we shouldn’t be surprised. It certainly wasn’t the first virus of this magnitude, and it won’t be the last either. The success of these types of attacks exploiting security vulnerabilities, and the financial payoff for limited risk, will only see these stories grow. WannaCry was mitigated by a relatively straightforward domain registration; next time, however, there might not be such an easy fix.

The IoT world is no stranger to headlines about viruses that propagate through email and by individuals opening infected files. Hackers have built vast armies of botnets through relatively straightforward tools. One of the first examples of these types of botnets was the Mirai malware discovered in late 2016.

MalwareTech analyzed the code and found that Mirai relied on finding networked devices running outdated versions of Linux. This included everything from home routers to networked baby monitors, security cameras and more. As long as the devices were functioning properly, most of them had been installed and then forgotten. The software involved would compromise devices by going through a list of 60 common passwords, one at a time. Devices that were still using their default setups would then be infected.

Once infected, the devices could be used for several different applications — the most well-known is a distributed denial-of-service (DDoS) attack. The size and capabilities of the botnets’ traffic is impressive. Mirai launched an attack that exceeded 600 GB per second on the KrebsOnSecurity website, which was then followed up by an attack that exceeded 1 TB per second against OVH, a French internet service provider. Most of the infected device owners had no idea they were infected until it was too late, and probably still don’t know their devices have been compromised.

What’s even more concerning is that the source code for Mirai has been made available online. While that does allow groups like MalwareTech to understand how it’s achieved these attack results, it also paves the way for others to take advantage of the same exploits.

Shortly after Mirai, another huge IoT device-generated DDoS event happened on the Imperva Incapsula network with a 20-minute attack that peaked at 400 GB per second, followed by another 17-minute attack that peaked at 650 GB per second. This new malware was named “Leet” after a character string in the payload.

With new devices being rolled out constantly for both home and business automation, the pace of attacks being generated by IoT botnets will also continue to increase. With published source code examples, motive and opportunity, this will become a more prominent feature that needs to be managed.

The wide variety of niche IoT offerings is impressive and can solve for many different industry- or function-specific needs. With so many providers offering so many solutions, your business needs to have a uniform security platform to remain uncompromised. IoT security needs to manage not just devices, but also communication, data storage and lifecycle solutions.

Unfortunately, we’ve seen many organizations take the same “deploy and forget” approach to their IoT strategy. It’s initially configured to support business goals and sent into the field with the hope that initial device security settings are strong enough. So long as they’re operating, these enterprises assume there’s no need to actively manage these devices from a security standpoint.

This laissez-faire attitude, while cheaper and easier to practice in the short term, exposes that organization to hardware security vulnerabilities and data loss and/or corruption. It also creates the potential risk of added endpoints to existing or new botnets.

For organizations, it’s much easier long term to catalog and inventory your devices (everything from hardware type to firmware versions) before deployment. Basic security measures like changing the default password go a long way toward locking down a solution. Once properly catalogued, securing an IoT device becomes a much easier task. Security vulnerabilities can be quickly identified and widely distributed solutions can be found, updated and, in many cases, tied to other assets that aren’t stationary.

While this may be the more time-consuming and expensive route to take today, it goes a long way toward preventing these types of attacks and keeping networks, data and devices safe.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.