Forbes suggests that the main culprit appears to be unsecured cameras. Security blogger Brian Krebs suggests that some vulnerabilities in smart devices, such as default passwords, cannot be changed by the owner:
“As I noted earlier this month in Europe to Push New Security Rules Amid IoT Mess, many of these products from XiongMai and other makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a danger to others unless and until they are completely unplugged from the Internet.” ~ Brian Krebs
When devices are Internet-connected, they can be taken over by hackers and coordinated as a botnet to perform a specific task.
Looks like Mirai botnet of hacked cameras at least partly responsible for epic outages today https://t.co/EAtHc91iQX
— Thomas Fox-Brewster (@iblametom) October 21, 2016
Asset Managers need to be aware of new smart devices on their network. Whilst plenty of the hype around the Internet of Things and internet-connected devices has focused on consumer devices and the fridge that knows to restock its own beer, there is enormous potential for IoT in the enterprise space, with manufacturing, healthcare providers, insurance and banking being key vertical markets:
— Mike Quindazzi ✨ (@MikeQuindazzi) October 16, 2016
This is a great opportunity for IT Asset Managers to a) bring additional value to their security team and b) extend the reach of their ITAM practice beyond IT department devices. Unchecked devices could present a significant weakness in enterprise defences, as Ben Evans eloquently suggests via his newsletter:
“A chunk of the Internet went down this week, effectively, because someone did a massive distributed denial-of-service attack using a botnet of millions of hacked IoT devices – mostly, it seems, IP webcams from one Chinese company that don’t have decent security. This is an interesting structural problem – the devices once sold are either impossible or unlikely to be patched, the users probably don’t even know that their device is hacked, and the manufacturer has no motivation and probably few of the necessary skills to do anything about it. A network designed to withstand nuclear attack, brought down by toasters.”
Not only are more and more devices being internet connected, they are also collecting data and talking to each other:
— Internet of Things (@TheIoT) March 26, 2015
Are IoT devices on your radar yet? Please let me know in the comments section.
If smart devices are connected to your network, they are probably already in your discovery data – but are you managing them? As we discussed in a recent podcast, devices are becoming smarter and SNMP might be able to provide a wealth of detail about the identity of devices – but are you managing it yet? Please share your views.
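One way to act on the question above, as an added example that is not from the original article: it reconciles SNMP system-group values in a discovery export against an asset register and lists the devices nobody is managing. The records, field names, keyword hints and register format are all constructed assumptions.

```python
"""Flag discovered devices that are missing from the asset register.
Added illustration: all records, field names and keyword hints are constructed."""

ENTERPRISE_PREFIX = "1.3.6.1.4.1."  # private enterprise subtree used by sysObjectID
# Hypothetical sysDescr keywords -> category; tune these to your own estate.
IOT_HINTS = [("camera", "camera"), ("dvr", "video recorder"), ("printer", "printer")]

# Constructed discovery export holding sysDescr (1.3.6.1.2.1.1.1.0) and
# sysObjectID (1.3.6.1.2.1.1.2.0) as collected per device.
DISCOVERY = [
    {"ip": "10.0.5.2", "mac": "00:11:22:AA:BB:01",
     "sysDescr": "Example Networks switch OS 12.2", "sysObjectID": "1.3.6.1.4.1.9.1.1"},
    # 8072 is the net-snmp agent, common on embedded Linux: vendor must come from sysDescr
    {"ip": "10.0.5.40", "mac": "00:11:22:AA:BB:02",
     "sysDescr": "Linux ipcam 3.10.0 armv7l IP Camera", "sysObjectID": ".1.3.6.1.4.1.8072.3.2.10"},
    {"ip": "10.0.5.60", "mac": "00:11:22:AA:BB:03",
     "sysDescr": "Example LaserPrinter", "sysObjectID": "1.3.6.1.4.1.11.2.3.9.1"},
    {"ip": "10.0.5.77", "mac": "00:11:22:AA:BB:04", "sysDescr": "", "sysObjectID": ""},
]
# Constructed asset register; note the MAC notation differs from the discovery tool's.
ASSET_REGISTER = [{"mac": "0011.22aa.bb01"}, {"mac": "00-11-22-AA-BB-03"}]

def normalise_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits so sources can be joined."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def enterprise_number(sys_object_id):
    """Return the IANA enterprise number embedded in a sysObjectID, or None."""
    oid = sys_object_id.lstrip(".")
    if not oid.startswith(ENTERPRISE_PREFIX):
        return None
    first = oid[len(ENTERPRISE_PREFIX):].split(".")[0]
    return int(first) if first.isdigit() else None

def classify(record):
    """Guess a device category from sysDescr; silent devices stay 'unclassified'."""
    descr = record.get("sysDescr", "").lower()
    return next((label for key, label in IOT_HINTS if key in descr), "unclassified")

def unmanaged_devices(discovery, register):
    """List discovered devices whose MAC does not appear in the asset register."""
    known = {normalise_mac(asset["mac"]) for asset in register}
    return [{"ip": r["ip"], "category": classify(r),
             "enterprise": enterprise_number(r.get("sysObjectID", ""))}
            for r in discovery if normalise_mac(r["mac"]) not in known]

if __name__ == "__main__":
    for finding in unmanaged_devices(DISCOVERY, ASSET_REGISTER):
        print(finding)
```

Devices that answer discovery but return no SNMP identity come out as "unclassified" and still need an owner assigned.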
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.