Over the past month, technology companies have been working overtime to promote new products, services and partnerships that will transform the market in the years to come. However, many of the tech sector’s most important developments have been focused on internet of things security, which is why this month’s tech roundup spotlights some of the emerging threats and proposed solutions to endpoint vulnerabilities.
Infamous Mirai botnet resurfaces to target enterprise IoT
After years of lying dormant, a variant of the infamous Mirai botnet has reemerged with a new set of capabilities. In early March, researchers from Palo Alto Networks discovered that an upgraded version of the Mirai malware had begun targeting wireless presentation systems and smart signage TVs that are common in enterprise environments, TechRadar reported. This poses a major risk to organizations across every industry, as the infected devices are often used to launch large-scale DDoS attacks on popular websites and government agencies.
Mirai first made headlines back in 2016 after the botnet was activated to carry out a massive network-level attack on a prominent infrastructure company, Dyn, which provides DNS services to several high-profile companies, including Twitter and Netflix. One month later, the botnet was implicated in a mass shutdown of Deutsche Telekom routers that caused significant disruption for over 900,000 customers, according to an article from Incapsula.
The newly discovered variant contains a number of crafty exploits, along with updated credentials that can be used in brute-force attacks on unsecured endpoints. The self-propagating malware primarily infects internet-connected devices that were never reconfigured from their factory settings, taking advantage of default usernames and passwords to gain access. Once a device is incorporated into the network of infected endpoints, the botnet operator can leverage its bandwidth to flood a targeted server with an enormous amount of web traffic. These attacks have the potential to completely disable a website or computer system, making it impossible for online users to connect via their web browsers.
A mid-March blog post published by Unit 42, the deep research arm of Palo Alto Networks, provided a comprehensive overview of the Mirai variant’s capabilities, highlighting 27 exploits enterprise IT administrators should be aware of. Among the group’s listed recommendations, a few simple bits of advice stood out, including:
- Review each IoT device connected to a company’s network
- Change all default usernames and passwords
- Ensure devices and embedded technologies are fully up-to-date on patches
- Remove any device that cannot be patched from the company network
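
The four recommendations above can be run as a recurring check against a device inventory. The following is an added example, not code from Unit 42 or the original article; the CSV column names, device names and addresses are constructed assumptions standing in for whatever asset inventory an organization already keeps.

```python
import csv
import io

# Constructed sample inventory (not real devices): one row per IoT endpoint.
# Column names are assumptions made for this example.
INVENTORY_CSV = """\
name,type,ip,default_creds,firmware,latest_firmware,vendor_supported
lobby-sign-01,smart signage TV,10.20.0.11,yes,2.1.0,2.4.3,yes
boardroom-wps,wireless presentation system,10.20.0.27,no,1.8.2,1.8.2,yes
dock-cam-03,IP camera,10.20.0.40,yes,4.0.9,4.0.9,no
hvac-gw,building gateway,10.20.0.52,no,3.10.1,3.9.7,yes
lab-router,router,10.20.0.60,no,1.0.0,,no
"""

def parse_version(text):
    """Turn '3.10.1' into (3, 10, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(device):
    """Return the actions one inventory row needs (empty list = compliant)."""
    actions = []
    if device["default_creds"].strip().lower() == "yes":
        actions.append("change default credentials")
    supported = device["vendor_supported"].strip().lower() == "yes"
    latest = device["latest_firmware"].strip()
    if not supported or not latest:
        # No vendor patches available, so the device cannot be kept current.
        actions.append("remove from network (cannot be patched)")
    elif parse_version(device["firmware"]) < parse_version(latest):
        actions.append(f"patch firmware {device['firmware']} -> {latest}")
    return actions

def audit(csv_text):
    """Review every device in the inventory; map name -> required actions."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["name"]: triage(row) for row in reader}

if __name__ == "__main__":
    for name, actions in audit(INVENTORY_CSV).items():
        print(f"{name:15} {'; '.join(actions) or 'OK'}")
```

Versions are compared as integer tuples because a plain string comparison would wrongly rank 3.10.1 below 3.9.7 and flag an up-to-date device for patching.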
Responding to the latest Mirai outbreak has been difficult, as the botnet is continuously expanding its attack surface by incorporating multiple exploits for a wide array of devices. Unit 42 also pointed out that the shift toward enterprise vulnerabilities raises questions about the botnet operator’s intentions, as infiltrating corporate networks grants access to larger bandwidth than taking over consumer devices. It’s unclear how the latest variant of Mirai will be wielded in the months to come, but security researchers are worried that many organizations are unprepared for the threat.
Congress introduces updated IoT security bill
With an estimated 20.4 billion connected devices set to be in use by 2020, per Gartner research, government officials have started getting serious about IoT security. In early March, members of the U.S. Senate and House of Representatives rolled out the IoT Cybersecurity Improvement Act of 2019, which aims to promote improved standards for the development, management and patching of IoT equipment, InfoSecurity reported. As it stands, manufacturers of connected devices and other embedded technologies are not required to uphold any standardized protection measures, a practice that many legislators believe will open the door to a wide range of major security threats.
Once passed, the legislation will engage the National Institute of Standards and Technology to create detailed security recommendations for companies operating in the IoT space. While the bill does not force manufacturers to apply NIST’s recommendations, it will limit their ability to secure lucrative contracts with federal agencies should the standards not be upheld. Many legislators hope that this bill will motivate IoT device manufacturers to spend more time developing comprehensive security features before releasing their tech on the open market.
This is not Congress’s first attempt at passing IoT-focused legislation. In 2017, Senator Mark Warner proposed a similar bill that did not gain the traction it needed to move forward. One year later, Lt. General Robert Ashley commented in a Senate hearing that “the most important emerging cyberthreats to our national security will come from exploitation of our weakest technology components: mobile devices and the Internet of Things (IoT).”
Paired with the recent surge in large-scale data breaches, Ashley’s testimony seems to have created a greater sense of urgency around the issue. As a recent article from CNET pointed out, hackers tend to target IoT devices that do not have built-in security features by exploiting default passwords and firmware vulnerabilities that are difficult to patch. Only time will tell if the IoT Cybersecurity Improvement Act of 2019 will have the intended effects, though many are hopeful that the bill represents a positive future for connected technologies.
That concludes this month’s tech round-up, so be sure to check out Faronics’ blog to learn more about endpoint security and important trends in the industry.