DON'T BE THIS GUY!
It’s a jungle out there, get your FREE Retina IoT Scanner (RIoT) gear now! Download now
The Insecurity of ThingsAs IoT devices continue to proliferate, so too do the number of vulnerabilities they expose. At DEF CON, this year alone, nearly 50 new IoT vulnerabilities were uncovered, affecting devices from more than 20 manufacturers. Making matters worse, most IoT devices, by design, follow the “set it and forget it” philosophy. And, as such, they typically lack any built-in security or mechanisms for programmatically making device-level changes. Some common IoT insecurities include:
- Lack of visibility into sanctioned and shadow IoT devices.
- Weak configurations, such as default or common passwords, and unencrypted traffic.
- Limited ability for users to update IoT device software, passwords, or settings.
IoT Threats Are EvolvingUnfortunately for us, a new generation of distributed denial of service (DDoS) attacks has emerged, representing a significant threat to organizations and governments alike. The most notorious of these being the recent wide-scale DDoS attacks perpetrated by the Mirai Botnet. Mirai malware continuously scans the internet for vulnerable IoT devices, uses a short dictionary to crack their default passwords, and then enslaves them as part of an IoT botnet attack. To date, Mirai has infected hundreds of thousands of IoT devices, and counting – with the vast majority unbeknownst to their owners. The race has begun and the clock is ticking. Mirai wants your IoT devices. How can you protect yourself and others from becoming victims of these weaponized “things”?
Managing the Vulnerability of ThingsWith the , organizations now have the ability to reliably identify at-risk IoT devices, such as IP cameras, DVRs, printers, routers, and more. Powered by Retina, an award-winning vulnerability scanner trusted by thousands of organizations, and delivered via the simplicity of BeyondSaaS’ cloud-based interface, RIoT gives you an attacker’s view of your IoT devices and their associated vulnerabilities.
Stop Your IoT Devices from Going RogueUtilizing specific information, RIoT is able to pinpoint the make and model of a particular IoT device. From there, RIoT safely tests whether or not that device is using default or hard-coded credentials for Telnet, SSH, or Basic HTTP Authentication, which are the preferred attack vectors that botnets (most notably, Mirai) initially use to breach a system. As a result, you’re able to quickly identify IoT related vulnerabilities, clearly understand their potential impact, and decisively act to mitigate threats. Simply specify a target IP or IP range, and RIoT handles the rest. In the next few years the IoT ecosystem will swell to an estimated 200 billion things, add an additional 1 billion users, and increase its data production by a factor of 5. With a labor shortage of cybersecurity pros that’s seven figures and counting, more devices, more people, and more data equal more ways in for adversaries.
It’s a jungle out there, get your FREE Retina IoT Scanner (RIoT) gear now! Download nowAlready a Retina Customer or Community Member? The new IoT audits were added in Audit Revision 3213, to the All Audits Group. For convenience, RNSS 6.0 consolidates these IoT checks into a new IoT Audit Group, which is available for download via the client portal. Want to know more about the RIoT Scanner? Download the data sheet. For more, contact us today!
Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.