Intel and others estimate that, by 2020, 200 billion connected devices will comprise the Internet of Things (IoT). That’s a whole lot of things!
We tend to think of these things as smart devices, but in general they can be anything with connectivity to the internet and/or to each other. Amazon Go is just the latest technology innovation that uses the IoT concept to reimagine how we shop in brick and mortar stores. So what do no checkout lines have to do with the cyber dangers facing your corporate network? It’s all about connectivity.
Because IoT devices are connected to the wild, and to each other, not only are they vulnerable to attack, but the data that they produce and the applications that support them are also potential attack vectors.
DON'T BE THIS GUY!
It’s a jungle out there, get your FREE Retina IoT Scanner (RIoT) gear now! Download now
The Insecurity of Things
As IoT devices continue to proliferate, so too do the number of vulnerabilities they expose. At DEF CON, this year alone, nearly 50 new IoT vulnerabilities were uncovered, affecting devices from more than 20 manufacturers.
Making matters worse, most IoT devices, by design, follow the “set it and forget it” philosophy. And, as such, they typically lack any built-in security or mechanisms for programmatically making device-level changes.
Some common IoT insecurities include:
- Lack of visibility into sanctioned and shadow IoT devices.
- Weak configurations, such as default or common passwords, and unencrypted traffic.
- Limited ability for users to update IoT device software, passwords, or settings.
Any of these scenarios can spell big trouble for an organization.
IoT Threats Are Evolving
Unfortunately for us, a new generation of distributed denial of service (DDoS) attacks has emerged, representing a significant threat to organizations and governments alike. The most notorious of these being the recent wide-scale DDoS attacks perpetrated by the Mirai Botnet.
Mirai malware continuously scans the internet for vulnerable IoT devices, uses a short dictionary to crack their default passwords, and then enslaves them as part of an IoT botnet attack. To date, Mirai has infected hundreds of thousands of IoT devices, and counting – with the vast majority unbeknownst to their owners.
The race has begun and the clock is ticking. Mirai wants your IoT devices. How can you protect yourself and others from becoming victims of these weaponized “things”?
Managing the Vulnerability of Things
With the , organizations now have the ability to reliably identify at-risk IoT devices, such as IP cameras, DVRs, printers, routers, and more. Powered by Retina, an award-winning vulnerability scanner trusted by thousands of organizations, and delivered via the simplicity of BeyondSaaS’ cloud-based interface, RIoT gives you an attacker’s view of your IoT devices and their associated vulnerabilities.
Stop Your IoT Devices from Going Rogue
Utilizing specific information, RIoT is able to pinpoint the make and model of a particular IoT device. From there, RIoT safely tests whether or not that device is using default or hard-coded credentials for Telnet, SSH, or Basic HTTP Authentication, which are the preferred attack vectors that botnets (most notably, Mirai) initially use to breach a system.
As a result, you’re able to quickly identify IoT related vulnerabilities, clearly understand their potential impact, and decisively act to mitigate threats. Simply specify a target IP or IP range, and RIoT handles the rest.
In the next few years the IoT ecosystem will swell to an estimated 200 billion things, add an additional 1 billion users, and increase its data production by a factor of 5. With a labor shortage of cybersecurity pros that’s seven figures and counting, more devices, more people, and more data equal more ways in for adversaries.
It’s a jungle out there, get your FREE Retina IoT Scanner (RIoT) gear now! Download now
Already a Retina Customer or Community Member? The new IoT audits were added in Audit Revision 3213, to the All Audits Group. For convenience, RNSS 6.0 consolidates these IoT checks into a new IoT Audit Group, which is available for download via the client portal.
For more, contact us today!
Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.