It has been revealed that the Hide and Seek Botnet has resurfaced, bringing with it stronger defences to help it remain on infected devices. Security researchers found that it can now survive device reboots, which would normally remove IoT malware. IT security experts commented below.
Martin Jartelius, CSO at Outpost24:
An early warning flag is the exposure of telnet services. To prevent exploitation of such devices, start by identifying connected devices and exposed services. Get these services off the network, especially when they are accessible by clients or from the internet. These kinds of audits are rather cheap and straightforward to perform, and the monitoring part can be fully automated to alert you of newly exposed services. This structured approach to infrastructure security is the simplest and most effective.
IoT devices on corporate networks are an increasing risk, as more and more devices are exposed and exploited. However, there is very little excuse for keeping IoT devices connected to a network via the internet or from client networks. In an age when cybercrime is rife, companies should always take responsibility for their assets, review inventory and take action on exposed services when discovered. It is way cheaper to do the work upfront than having to implement damage control after the intrusion has happened.
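The audit-and-monitor loop described above can be reduced to a diff between two inventories of exposed services. The following is an added example, not code from the article or from Outpost24; it assumes scan output has already been reduced to one line per exposed service in the constructed form `host=<ip> port=<n>/<proto> service=<name> zone=<zone>`, where `zone` records which network the scanner reached the service from. Services new since the previous run are reported, with telnet (or another high-risk service) reachable from a client network or the internet ranked highest.

```python
"""Diff two exposed-service inventories and flag new, risky exposures.

Added example, not from the article or from Outpost24. Input lines are
assumed to be in the constructed form
'host=<ip> port=<n>/<proto> service=<name> zone=<zone>'.
"""
from dataclasses import dataclass

# Services that should never be reachable from client networks or the internet.
HIGH_RISK_SERVICES = {"telnet", "ftp", "rlogin"}
EXTERNAL_ZONES = {"internet", "client"}


@dataclass(frozen=True)
class Exposure:
    host: str
    port: int
    proto: str
    service: str
    zone: str  # network the service was reached from during the scan


def parse_inventory(lines):
    """Parse inventory lines into a set of Exposure records."""
    result = set()
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = dict(item.split("=", 1) for item in line.split())
        port, proto = fields["port"].split("/", 1)
        result.add(Exposure(fields["host"], int(port), proto,
                            fields["service"], fields["zone"]))
    return result


def new_exposures(previous, current):
    """Services present in the current scan but absent from the previous one."""
    return sorted(current - previous, key=lambda e: (e.host, e.port))


def severity(exposure):
    """Prioritise: a high-risk service reachable from outside is critical."""
    if exposure.service in HIGH_RISK_SERVICES and exposure.zone in EXTERNAL_ZONES:
        return "critical"
    if exposure.zone in EXTERNAL_ZONES:
        return "high"
    return "medium"


def alerts_for(previous_lines, current_lines):
    """Return (severity, host, port, service, zone) for each newly exposed service."""
    previous = parse_inventory(previous_lines)
    current = parse_inventory(current_lines)
    return [(severity(e), e.host, e.port, e.service, e.zone)
            for e in new_exposures(previous, current)]


# Constructed sample data: yesterday's and today's scan of the same ranges.
YESTERDAY = [
    "host=10.0.1.5  port=22/tcp   service=ssh    zone=internal",
    "host=10.0.1.9  port=443/tcp  service=https  zone=internet",
]
TODAY = [
    "host=10.0.1.5  port=22/tcp   service=ssh    zone=internal",
    "host=10.0.1.9  port=443/tcp  service=https  zone=internet",
    "host=10.0.1.40 port=23/tcp   service=telnet zone=client",    # new: camera on client VLAN
    "host=10.0.1.41 port=8080/tcp service=http   zone=internal",  # new: internal only
]

if __name__ == "__main__":
    for alert in alerts_for(YESTERDAY, TODAY):
        print(*alert)
```

Running the same diff on every scheduled scan turns the one-off audit into the automated alerting the comment describes; the `zone` field is what lets the check distinguish an internal-only exposure from one a client or the internet can reach.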
Javvad Malik, Security Advocate at AlienVault:
Organizations that have deployed IoT devices should look to harden the devices by changing default configurations, disabling unneeded services, as well as protecting them within the network so they aren’t easily accessible publicly and infected.
Beyond that, threat detection controls should be deployed on the network that can monitor network traffic of IoT devices and alert when a device is communicating out of normal boundaries, either by using uncommon ports or by communicating with unknown servers.
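The detection control described above amounts to a per-device baseline of normal destinations and ports, with an alert for any flow outside it. The following is an added example, not code from the article or from AlienVault; it assumes flow records have already been reduced to `(src, dst, port)` tuples (for instance from NetFlow or firewall logs), and the devices, addresses and baselines are constructed. It reports both kinds of deviation named in the comment: an unknown server and an uncommon port.

```python
"""Alert on IoT devices communicating outside their learnt baseline.

Added example, not from the article or from AlienVault. Flow records are
assumed to be (src, dst, port) tuples; all addresses below are constructed.
"""
from collections import defaultdict

# Per-device allowlist of (destination, port) pairs observed during a clean
# baseline period. Anything outside it is "out of normal boundaries".
BASELINE = {
    "10.0.1.40": {("10.0.1.2", 53), ("203.0.113.10", 443)},   # IP camera
    "10.0.1.41": {("10.0.1.2", 53), ("203.0.113.20", 8883)},  # sensor gateway (MQTT over TLS)
}
# Ports these devices are expected to use at all; others count as uncommon.
COMMON_PORTS = {53, 80, 123, 443, 8883}


def classify(src, dst, port):
    """Return None if the flow is within baseline, else why it is suspicious."""
    allowed = BASELINE.get(src)
    if allowed is None:
        return "unknown device"
    if (dst, port) in allowed:
        return None
    known_servers = {d for d, _ in allowed}
    reasons = []
    if dst not in known_servers:
        reasons.append("unknown server")
    if port not in COMMON_PORTS:
        reasons.append("uncommon port")
    # A known server on a common port that is still not in the baseline
    # is worth a lower-priority alert rather than silence.
    return ", ".join(reasons) or "new destination/port pair"


def detect(flows):
    """One alert per (device, dst, port) outside baseline, with a hit count."""
    counts = defaultdict(int)
    reasons = {}
    for src, dst, port in flows:
        reason = classify(src, dst, port)
        if reason is not None:
            counts[(src, dst, port)] += 1
            reasons[(src, dst, port)] = reason
    return sorted((src, dst, port, reasons[(src, dst, port)], n)
                  for (src, dst, port), n in counts.items())


# Constructed sample flows: mostly baseline traffic plus two deviations.
FLOWS = [
    ("10.0.1.40", "10.0.1.2", 53),
    ("10.0.1.40", "203.0.113.10", 443),
    ("10.0.1.40", "198.51.100.7", 9000),  # camera contacting an unknown host on an odd port
    ("10.0.1.40", "198.51.100.7", 9000),
    ("10.0.1.41", "203.0.113.20", 8883),
    ("10.0.1.41", "10.0.1.2", 23),        # gateway opening telnet to an internal host
]

if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(*alert)
```

Keying the baseline by device rather than by port is what makes this workable for IoT: a camera has a small, stable set of peers, so a single new destination stands out even when the port itself is unremarkable.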