A new IoT malware strain and botnet labelled ‘Torii’ has spread through poorly secured Telnet services, with the attacks coming from Tor exit nodes. The malware captures data from IoT devices and gives attackers remote code execution, allowing them to hijack infected devices and run any command they choose. Torii can fetch and execute other commands through multiple layers of encryption, share device information, and execute any code or deliver any payload to the infected device.
Sam Curry, Chief Security Officer at Cybereason:
“IoT rolled out incorrectly will lead to Digital Pollution. It is imperative that manufacturers think about the effect that their product at scale will have in much the same way that car manufacturers didn’t decades ago in the pre-catalytic converter and leaded gasoline days. We shouldn’t do that again, and that means shipping with good identity hygiene, requiring unique device ID, not shipping with default accounts that are fully enabled or default passwords. It also means planning for upgrades and patches in a secure fashion and leveraging hardware-based security and strong cryptography. The technology exists today and isn’t moonshot stuff; it just needs to get done.”