The Best Time to Secure IoT Devices is Now, and Always
It has always been seen as wise to secure IoT devices, but right now there is more urgency to do so. A few days ago, Technadu reported that a DDoS-for-hire service provider published the “Telnet credentials required to access 515,000 IoT (Internet of Things) devices, routers, servers, and various smart dongles.” That’s over half a million IoT devices! Although that list is now three months old, there is a high probability that most of those IoT devices have still not been properly secured, which means that other cybercriminals likely still have a massive new pool of available devices they could easily hijack for nefarious purposes.
Since the Mirai botnet of 2016, IoT devices continue to be frequently hijacked and harnessed into botnets, most often to carry out harmful distributed denial of service (DDoS) attacks. If you own or manage IoT devices, you have a social responsibility to make it as difficult as possible for them to be enslaved into a botnet. Furthermore, you have a personal reason to do so, because even if your organization is not the target of such a DDoS attack, if your IoT device is ensnared into a botnet, its performance will likely be impacted, resulting in crashes, overheating, trouble starting up or shutting down, etc.
Security Weaknesses in Device Architecture
IoT devices are often manufactured with cybersecurity as an afterthought. In a rush to get to market with products, some manufacturers build IoT devices with weak authentication mechanisms, hard-coded passwords that users cannot change, or default passwords that users seldom change. Even if a manufacturer issues a security patch for a device, it is still up to the end-users to find and implement those updates, which not everyone does.
Help Stop DDoS Attacks
DDoS attacks are increasing in frequency and sophistication, and the rapid proliferation of IoT devices around the world only makes it easier for cybercriminals to launch more attacks in the future. If you are an IT professional you should do the following:
- Tackle IoT governance issues such as firmware updates and device audits in your organization, and that includes “shadow IoT,” devices that are connected to your network without the IT department’s knowledge.
- Select IoT products from reputable vendors, who are committed to delivering secure products, and perform regular firmware upgrades and system audits to ensure they are not compromised.
- Protect your networks from botnets sourced from the IoT devices of others, who have been less diligent, using dedicated, always-on, real-time, automatic DDoS protection that stops DDoS attacks before they have a chance to cause you any damage.
For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments, without the downtime, or hassle, associated with other solutions. If you’d like to learn more, please contact us.
Sean Newman is VP Product Management for Corero Network Security. Sean has worked in the security and networking industry for twenty years, with previous roles including network security Global Product Manager for Cisco, who he joined as part of their acquisition of cyber-security vendor Sourcefire, where he was Security Evangelist and Field Product Manager for EMEA. Prior to that he was Senior Product Manager for endpoint and network security vendor Sophos, after having spent more than 12 years as an Engineer, Engineering Manager and then Senior Product Manager for network infrastructure manufacturer 3Com.