Cyberattack of the clones

Cyberattack of the clones

Cyberattack of the clones

Chris Morales
November 27, 2016

In previous research from the Vectra Threat Labs, we learned that seemingly innocuous vulnerabilities can become serious problems in the context of the Internet of Things(IoT). IoT is the unattended attack surface, and more IoT devices means bigger clone armies.

The recentpublic release of source code for malware named "Mirai" has proven exactly that. Mirai continuously scans the Internet for IoT devices using factory default usernames and passwords, primarily CCTV and DVRs.

This attackvector has proven highly successful. Over the last few months, there has been an alarming increase in IoT-based denial-of-service attacks based on variations of IoT-powered Mirai botnets.And Mirai is not the only IoT botnet. There are others. All doing the same thing. All those new smart TVs, cameras, door locks,and maybe even a fridge or two, are going to be the gifts that keep on giving to attackers.

In addition to default usernames and passwords, most IoT devices are shipped to consumers and enterprise with out-of-date, unsecure software that is never updated by manufacturers. IoT devices are also trivial to access with no regulationsor guiding principles mandating how secure they should be. Vectra Threat Labs published research on how a consumer-grade Web cam can be turned into a backdoor to gain entry into the network it's connected to.

Yet the demand forIoT devices continues to grow. Businesses that roll out networked devices should be aware that if these devices communicate out to the Internet, they are all susceptible to remote attackers who will load malicious software on them.

As recent threat activities show, IoT attacks are real andhere for the long term. Large-scale DDoS attacks are difficult to combat for even the largest, most prepared businesses. It is important to be a good Internet citizen (change those passwords!), but more importantly, don'tfall victim to your own camera.

An even greater danger is whenIoT devices start snooping around corporate networks while we're home for the holidays. But there's good news, too.Customers who rely on Vectra for automated threat hunting can detect attacker behaviors and remediate active threats before they do damage.

Networked IoT devices – printers, cameras and even advanced devices like MRI scanners – can pose an alarming cybersecurity risk. While they don’t fit the bill of a traditional network host, they represent fruitful targets and vectors for cyber attackers. In this webinar, we dive into examples of how attackers target and use IoT device vulnerabilities to their advantage. RSVP today! {{cta('e2900b3d-197f-402d-941d-f5568f5024d2','justifyleft')}}

About the author

Chris Morales

Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.

Author profile and blog posts

Most recent blog posts from the same author



December 10, 2020
Read blog post
Threat detection

攻撃者がビジネスメールを使ってOffice 365を侵害する方法

December 3, 2020
Read blog post

攻撃者が使用するOffice 365ツールとオープンサービス

October 19, 2020
Read blog post