A strain of the botnet malware Mirai has emerged focused on a wider set of embedded internet-connected devices. Researchers at Palo Alto this week stated that a variant of the notorious Internet-of-Things infector is now looking to hijack TVs and projectors designed to display information and adverts, as well as the usual broadband routers, network-attached storage boxes, and IP-enabled cameras and digital video recorders.
Tim Mackey, Senior Technical Evangelist at Synopsys:
“When deploying an IoT device of any type, the three most important questions need to be:
- Have we configured strong credential access?
- What is our update strategy for firmware changes?
- What URLs and IP addresses does the device need for its operation?

The Mirai botnet works by exploiting known vulnerabilities within the toolchain or operating framework of the IoT device and weak credentials. When IoT devices are deployed within a business environment, best practice dictates a separate network segment known as a VLAN should be used. This then allows for IT teams to monitor for both known and unknown traffic impacting the devices. It also allows teams to ensure that network traffic originates from known locations. For example, if a conference room projector is accessible via WiFi, the network the device uses should be restricted to only internal and authenticated users. Public access to the device should always be restricted. Following this model, exploit of the device would then require a malicious actor to first compromise a computer belonging to an authenticated user. Regular IT audits of IoT networks should then be performed to ensure only known devices are present and with the devices' identification mapped back to an asset inventory containing a current list of firmware versions and a list of open source components used within that firmware. This open source inventory can then be used to understand when an open source vulnerability impacting a library used within the firmware has a published vulnerability. Armed with this information, a proactive update and patching model can be created for corporate IoT devices.”
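
The audit described in the commentary above can be sketched in a few lines. This is an added example, not part of the quoted commentary or any vendor's tooling. The MAC addresses, device names, component names and advisory IDs are constructed placeholders, and the rule "affected if older than `fixed_in`" is an assumption about how advisories are recorded.

```python
"""IoT segment audit: compare devices seen on the VLAN with the asset inventory."""

# Constructed asset inventory keyed by MAC address: firmware version plus the
# open source components (name -> version) shipped inside that firmware.
INVENTORY = {
    "00:11:22:33:44:01": {"name": "conf-room-projector", "firmware": "2.1.0",
                          "components": {"example-httpd": "1.4.2", "example-tls": "3.0.1"}},
    "00:11:22:33:44:02": {"name": "lobby-signage-tv", "firmware": "5.0.3",
                          "components": {"example-httpd": "1.6.0"}},
    "00:11:22:33:44:03": {"name": "nas-01", "firmware": "1.9.9",
                          "components": {"example-tls": "3.2.0"}},
}

# Constructed scan result for the IoT VLAN (for instance parsed ARP or DHCP data).
SEEN_ON_VLAN = {"00:11:22:33:44:01", "00:11:22:33:44:02", "de:ad:be:ef:00:99"}

# Constructed advisories: a component is affected when older than "fixed_in".
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "component": "example-httpd", "fixed_in": "1.5.0"},
    {"id": "ADV-PLACEHOLDER-2", "component": "example-tls", "fixed_in": "3.0.1"},
]


def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as text."""
    return tuple(int(part) for part in text.split("."))


def audit(seen, inventory, advisories):
    """Return unknown devices, inventoried devices not seen, and patch findings."""
    known = set(inventory)
    findings = []
    for mac in sorted(known):
        device = inventory[mac]
        for adv in advisories:
            installed = device["components"].get(adv["component"])
            if installed and parse_version(installed) < parse_version(adv["fixed_in"]):
                findings.append((device["name"], adv["component"], installed, adv["id"]))
    return {
        "unknown": sorted(set(seen) - known),    # on the VLAN, not in the inventory
        "not_seen": sorted(known - set(seen)),   # in the inventory, absent from the scan
        "needs_update": findings,                # firmware ships an affected component
    }


if __name__ == "__main__":
    for key, value in audit(SEEN_ON_VLAN, INVENTORY, ADVISORIES).items():
        print(key, value)
```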