Over the last several years, there has a great deal of talk about the rise of the Internet of Things (IoT), or the movement that will result in the connectivity of billions of ordinary devices.
Make no mistake about it: The IoT is here, and it’s growing at an aggressive pace. In 2015, there were about 15.4 billion connected devices. By 2020, this figure will swell to 30.7. And by 2025, it should reach 75.4 billion.
From a cybersecurity perspective, this is troubling.
The main concern with IoT security right now is that there are many vulnerable devices on the market that can be easily hacked and turned into dangerous cyberweapons capable of launching powerful, concentrated attacks on targeted networks.This is called a “botnet” style attack, a strategy often used to carry out distributed denial of service (DDoS) attacks which can knock businesses offline for extended periods.
Unfortunately, these types of attacks are becoming more common. On Saturday, for instance, the leading altcoin exchange CoinExchange reported a service disruption from a DDoS attack. And right now, security experts from across the technology industry are working together to combat a new type of DDoS botnet called WireX, which hijacks Android-based devices.
These developments come on the heels of a recent report from Kaspersky Labs which indicates that botnet-style DDoS attacks are getting longer, bigger and more demanding in nature. For instance, the longest attack during 2Q17 was active for 277 hours, or more than 11 days. This is a 131 percent increase in length from the longest attack in Q1 — and thus, a record for the year.
Right now, the report continues, the top 10 most affected countries include China, South Korea, the U.S., Hong Kong, the U.K., Italy, the Netherlands, Canada and France.
So as you can see, things are moving quickly in the IoT security space — to the point where it can be difficult to keep up with all of the latest headlines. That being said, here are three recent developments that you need to be aware of concerning IoT security:
Massive password leak: On Friday, news broke that security researchers have discovered a list of public-facing login credentials for more than 1,700 IoT devices. Sources indicate that the list has been available since June, and has since undergone several updates. The list contains user names and passwords for at least 8,233 unique IP addresses — almost a third of which were still running open telnet servers as of Friday morning. Experts believe that this list has been widely-used to compromise devices since its initial release.
IoT security legislation: U.S. senators are working on a bill that will help improve the cybersecurity of IoT devices. The bill is called the Internet of Things (IoT) Cybersecurity Improvement Act of 2017. If passed into law, the bill would mandate that all devices acquired by the federal government would have to meet specific cybersecurity standards. And vendors who supply the federal government with such devices would be responsible for ensuring they are free of hard-coded passwords, and for ensuring they are patchable. The bill would also require companies and individuals working alongside government agencies — like contactors — to announce vulnerability disclosures.
“White worm” to the rescue: A team of international researchers have developed a way to use the source code from the high profile Mirai DDoS attack to defend insecure IoT devices. The solution, AntibIoTic, uses the Mirai bot code to take command over insecure IoT devices. Once the worm is inside of a device, it can be used to inject a special security code and alert the device owner that a fix is needed. If successful, this code could be used to spread awareness about IoT vulnerabilities and hopefully lessen the impact of future botnet-style attacks.
As a business owner, you may be feeling overwhelmed reading about IoT security issues — especially if you have a small team of IT staff members who are already overloaded trying to keep your network safe. How can you find the extra resources to keep your business secure?
The answer is to work with a managed services provider like Apex Technology Services. Apex can conduct a thorough cybersecurity assessment for your organization, providing your team with the necessary software and hardware updates for staying safe during network outages and for protecting your devices from being used in DDoS attacks.
To learn more about how Apex can help your organization, click here.
A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.