It has been revealed that the Hide and Seek Botnet has resurfaced, bringing with it stronger defences to help it remain on infected devices. Security researchers found that it can now survive device reboots, which would normally remove IoT malware. IT security experts commented below.
An early warning flag is the exposure of telnet services. To prevent exploitation of such devices, start by identifying connected devices and exposed services. Get these services off the network, especially when they are accessible by clients or from the internet. These kinds of audits are rather cheap and straightforward to perform, and the monitoring part can be fully automated to alert you of newly exposed services. This structured approach to infrastructure security is the most simple and effective.
IoT devices on corporate networks are an increasing risk, as more and more devices are exposed and exploited. However, there is very little excuse for keeping IoT devices connected to a network via the internet or from client networks. In an age when cybercrime is rife, companies should always take responsibility for their assets, review inventory and take action on exposed services when discovered. It is way cheaper to do the work upfront than having to implement damage control after the intrusion has happened.
Javvad Malik, Security Advocate at AlienVault:
Organizations that have deployed IoT devices should look to harden the devices by changing default configurations, disabling unneeded services, as well as protecting them within the network so they aren’t easily accessible publicly and infected.
Beyond that, threat detection controls should be deployed on the network that can monitor network traffic of IoT devices and alert when a device is communicating out of normal boundaries either using uncommon ports or communicating with unknown servers.
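The baseline check described in the comment above, sketched as an added example that is not part of the original article or any vendor's tooling: it learns each device's usual servers and ports from a known-good window, then flags flows to unknown servers or on uncommon ports. The device names, hostnames and flow records are constructed sample data, and the flat (device, destination, port) record format is an assumption.

```python
from collections import defaultdict

# Constructed sample flow records: (device, destination, destination port).
BASELINE_FLOWS = [
    ("cam-01", "ntp.example.net", 123),
    ("cam-01", "nvr.corp.example", 554),
    ("thermostat-02", "api.vendor.example", 443),
]
OBSERVED_FLOWS = [
    ("cam-01", "nvr.corp.example", 554),            # matches baseline
    ("cam-01", "203.0.113.50", 23),                 # unknown server, telnet port
    ("thermostat-02", "api.vendor.example", 8080),  # known server, uncommon port
    ("printer-03", "198.51.100.7", 443),            # device never baselined
]

def build_baseline(flows):
    """Learn, per device, the servers and ports seen in a known-good window."""
    profile = defaultdict(lambda: {"servers": set(), "ports": set()})
    for device, dest, port in flows:
        profile[device]["servers"].add(dest)
        profile[device]["ports"].add(port)
    return dict(profile)

def check_flow(profile, device, dest, port):
    """Return the reasons a flow falls outside the device's baseline."""
    known = profile.get(device)
    if known is None:
        # An unprofiled device is an inventory gap and is reported as such.
        return ["device has no baseline"]
    reasons = []
    if dest not in known["servers"]:
        reasons.append("unknown server")
    if port not in known["ports"]:
        reasons.append("uncommon port")
    return reasons

def find_alerts(profile, flows):
    """Collect every observed flow that has at least one out-of-baseline reason."""
    alerts = []
    for device, dest, port in flows:
        reasons = check_flow(profile, device, dest, port)
        if reasons:
            alerts.append((device, dest, port, reasons))
    return alerts

if __name__ == "__main__":
    profile = build_baseline(BASELINE_FLOWS)
    for device, dest, port, reasons in find_alerts(profile, OBSERVED_FLOWS):
        print(f"ALERT {device} -> {dest}:{port} ({', '.join(reasons)})")
```

Servers and ports are checked independently per device, so a known server contacted on a new port still raises an alert.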
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security