Help Prevent IoT Devices from Becoming DDoS Botnet Slaves

The Internet of Things (IoT) encompasses a broad spectrum of devices, from closed circuit TV cameras, to baby monitors and industrial control machines. It’s well-known that cybercriminals can hack into any device connected to the Internet, to remotely take control of that device and enslave it into a botnet that is part of a distributed denial of service (DDoS) attack. Given the recent, ongoing and exponential increase of devices connected to the IoT, it is becoming easier for hackers to increase the size and frequency of DDoS attacks.

One manufacturing company, Sierra Wireless, recently discovered that its wireless products have been compromised by the Mirai source code, a particularly vicious combination of malware and botnet code. In response to this threat, Sierra Wireless issued a warning to its customers, urging them to change their default access credentials on AirLink gateway products. In turn, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a bulletin which said:

“While the Sierra Wireless devices are not being targeted by the malware, unchanged default factory credentials, which are publicly available, could allow the devices to be compromised. Additionally, a lower security posture could lead to the device being used in Distributed Denial of Service (DDoS) attacks against Internet web sites.”

In terms of security architecture, there’s nothing inherently wrong with the Sierra Wireless products; rather, the company realized that its products have been unlucky enough to become a popular target. There are many more vendors out there with products in the same position, waiting to become the next DDoS attack target. It is commendable that Sierra proactively reached out to their customers, highlighted the risk and reminded them to do what they should have done anyway.

Change Passwords from Default

It’s somewhat understandable that passwords protecting the majority of network-enabled consumer devices get left at their factory defaults, because end-users often lack the awareness or confidence to change them. In these cases, manufacturers need to take more proactive measures to help ensure users are aware, and make it simple for them to update passwords without fear of rendering the devices unusable. However, when it comes to commercial equipment, there is simply no excuse for IT professionals and installers of such equipment to leave devices in their default security state. Even for the simplest of devices which require any kind of configuration, there will be password-controlled access that should be updated.

Best Practices

Hackers are getting more sophisticated in their attacks, so it’s an uphill battle to stay ahead of them. Ultimately it’s impossible to make sure that every IoT device is immune to botnet enslavement; organizations still require advanced network threat protection. However, there are things that companies and consumers can do to make it more difficult for DDoS hackers, and changing the default passwords of IoT devices is one of the easiest steps to take.

If you would like to learn more, contact us.