The world has been rudely awakened to the dangers posed by unsecured Internet of Things (IoT) devices deployed in the billions. A botnet comprised largely of IoT devices, dubbed Mirai by its creators, unexpectedly struck on October 21st with a massive denial of service attack that took down some of the biggest Internet sites in the world. Shortly thereafter, the perpetrator s released the source code for Mirai, meaning that almost anyone can follow-up the main assault with attacks of their own.
According to a recent DarkReading article the released source code revealed the new malware called Mirai, which is designed to search for and attack Internet-connected consumer devices that are protected by default passwords and usernames. This move to release the malware code to the public is ominously hailed by security analysts as a turning point in cybersecurity that could make it much easier for others to launch similar attacks.
According to the same article, a hackforum user called “Anna-senpai” released the code, apparently in response to the increased scrutiny of vulnerable IoT devices by ISPs following the recent DDoS attack on the site run by security blogger and researcher Brian Krebs.
Simply looking around at the devices in our day-to-day lives makes it apparent how ubiquitous IoT technology has become. The rapid adoption of IoT has permeated every industry, and until recently has gone unnoticed by virtually all cybersecurity experts. This presents the sober reality that we are at the whim of cyber-attackers savvy enough to integrate Mirai into an attack like the one we just saw cripple Internet sites around the world.
Despite feeling unable to defend enterprise networks from these types of attacks, there is a great deal companies can do, and should do, to help close this vulnerability.
It’s all about the data
IoT devices essentially create a network of micro-clouds passing data between them as they communicate with each other and with external enterprise networks. The digital transformation effect of this technology is the massive proliferation of unsecured data.
Regardless of the newest threat, IoT already posed a big challenge for organizations trying to manage the data between these devices to extrapolate actionable intelligence. Additionally, another digital transformation concern with IoT has traditionally been the need for organizations to achieve a service assurance level that guarantees that these devices are always on, always accessible and always operating at peak efficiency.
Introducing the Mirai threat to IoT exacerbates these legacy and digital transformation issues, and as we have seen in recent attacks, results in a host of dangerous quagmires.
Securing IoT technology and addressing IoT issues will require organizations to take two steps:
- Separate IoT networks from enterprise networks.
- Galvanize current IT security practices by leveraging Virtual Private Network (VPN) technology with both IoT networks and enterprise networks.
IoT hacks are a great way to illustrate the need in the future for more VPN technology to safeguard these devices and the enterprise networks that communicate with them from cyber-attacks. Hypersocket products empower organizations by providing full control of corporate data, whether you choose to deploy an appliance on-premise or in-cloud. By leveraging Hypersocket solutions, organizations can take control of privileged accounts and the sensitive data stored on the on-premise technology, thereby allowing hybrid cloud strategy such as IoT networks to seamlessly integrate with corporate IT security policies.
The least-privilege role-based access feature of the Hypersocket VPN solution can help organizations improve security by integrating with Active Directory, SQL and other user directories to provide role-based access control so that the right users have access to the right resources. This empowers your IT security organization to build a remote access environment that’s in-synch with the organization’s security policy, including all those IoT devices that are now becoming a part of the corporate network.
Recent DDoS attacks may have spawned from IoT issues. However, with the right IT security tools in place, such as Hypersocket VPN, your organization can be prepared to deal with the little IoT sensors already deployed inside your security perimeter. If not total protection against a Mirai-style attack, it will at the very least ensure that your own devices do not become part of the problem.
