Verizon’s Data Breach Digest 2017 is soon to be released, but the firm has published a sneak peek into the report, which details why security should be top of the agenda when it comes to the Internet of Things (IoT).
The sneak peek takes a look at a university which had connected everything from lightbulbs to vending machines to the internet. In fact, according to the report, as many as 5 000 systems had been connected.
Unbeknownst to the university, these systems had been compromised and corralled into a botnet that was eating up university resources. Neither the university nor the incident commander who dealt with the situation was named.
“My phone lit up with a call from the help desk. They had been receiving an increasing number of complaints from students across campus about slow or inaccessible network connectivity,” the incident commander at the university said.
The incident commander found that all 5 000 systems across the university were making DNS lookups every 15 minutes. After analysing the IP addresses and domains being queried, it was determined that the university’s systems were forming part of a botnet.
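The detection step described above, noticing that every system was resolving names at a fixed interval and then examining the queried domains, is the kind of pattern that can be picked out of DNS query logs automatically. The script below is an added example, not code from Verizon’s report or from the university’s IT team: it parses a constructed query log (the `timestamp client_ip qname` line format, the host addresses, the domain name and the 15-minute period are all assumptions made for illustration) and reports domains that many distinct hosts resolve at a near-constant interval, which is what separates beaconing from ordinary campus lookups.

```python
"""Flag DNS names that many hosts query at a near-constant interval.

Added example, not from Verizon's report or the article. The log format
("timestamp client_ip qname", one query per line) and all sample values are
constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: three campus hosts resolving the same name every
# 15 minutes, mixed with ordinary lookups that should not be flagged.
SAMPLE_LOG = """\
2017-02-01T10:00:03 10.20.1.11 update.example-beacon.invalid
2017-02-01T10:00:09 10.20.1.12 update.example-beacon.invalid
2017-02-01T10:00:11 10.20.1.13 update.example-beacon.invalid
2017-02-01T10:02:41 10.20.1.11 www.example.edu
2017-02-01T10:15:04 10.20.1.11 update.example-beacon.invalid
2017-02-01T10:15:08 10.20.1.12 update.example-beacon.invalid
2017-02-01T10:15:12 10.20.1.13 update.example-beacon.invalid
2017-02-01T10:21:30 10.20.1.12 mail.example.edu
2017-02-01T10:30:02 10.20.1.11 update.example-beacon.invalid
2017-02-01T10:30:10 10.20.1.12 update.example-beacon.invalid
2017-02-01T10:30:11 10.20.1.13 update.example-beacon.invalid
2017-02-01T10:44:59 10.20.1.11 www.example.edu
2017-02-01T10:45:05 10.20.1.11 update.example-beacon.invalid
2017-02-01T10:45:07 10.20.1.12 update.example-beacon.invalid
2017-02-01T10:45:13 10.20.1.13 update.example-beacon.invalid
"""


def parse_log(text):
    """Yield (timestamp, client, qname) tuples from the simplified log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname = line.split()
        yield datetime.fromisoformat(ts), client, qname.lower()


def find_beacons(text, min_hosts=3, min_queries=4, max_jitter=0.1):
    """Return {qname: (host_count, mean_period_seconds)} for names that at
    least min_hosts distinct clients query at a near-constant interval.

    min_queries: lookups a client needs before its period is estimated
    max_jitter:  allowed stdev/mean of the inter-query gaps (0.1 == 10%)
    """
    # (qname, client) -> list of query times
    series = defaultdict(list)
    for ts, client, qname in parse_log(text):
        series[(qname, client)].append(ts)

    periodic = defaultdict(list)  # qname -> mean period per beaconing client
    for (qname, client), times in series.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Regular beaconing shows a small spread relative to the mean gap;
        # human-driven lookups do not.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            periodic[qname].append(avg)

    return {
        qname: (len(periods), round(mean(periods)))
        for qname, periods in periodic.items()
        if len(periods) >= min_hosts
    }


if __name__ == "__main__":
    for qname, (hosts, period) in find_beacons(SAMPLE_LOG).items():
        print(f"{qname}: {hosts} hosts, ~{period}s period")
```

On the constructed log this reports only `update.example-beacon.invalid` (3 hosts, roughly 900 seconds), while the `.edu` lookups are ignored because no host queries them often or regularly enough. In a real deployment the thresholds would be tuned against the resolver’s actual log volume, and the flagged names would then be checked against threat intelligence, as the incident commander did with the IP addresses and domains.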
“This botnet spread from device to device by brute forcing default and weak passwords,” said the incident commander. Once the botnet had taken a device it changed the default password and locked the university’s IT team out of it.
Unplug it all
Short of replacing every system connected to the internet, the commander was at a loss for solutions.
Eventually it was determined that the malware that was brute forcing the devices could be used to wrest control back.
“The plan was to intercept the clear text password for a compromised IoT device over the wire and then use that information to perform a password change before the next malware update. If conducted properly and quickly, we could regain control of our IoT devices,” said the commander.
The IT team was eventually able to regain control of its devices.
The commander notes that the incident taught him a number of valuable lessons. For instance, IoT networks should be separated from other critical networks where possible.
While it seems obvious, default credentials should also be changed and strong passwords used. This isn’t always the easiest thing, as we learned with Mirai, but it should be done where possible.
Finally, IoT devices need to form part of any IT team’s asset inventory, and firmware should be updated when needed.
[Via – Network World]
[Image – CC BY SA Jeramey Jannene]