Dubai PR Network, Online Press Release from Dubai and Middle East
 
Business, Banking and Investments(Banking & Investments)
Filter PR by
  
Global IoT risks on rise as Thingbots continue to spread unabated
 

26 new Thingbots discovered between October 2018 and January 2019; 88% of all known Thingbots emerge post-Mirai; 
Europe most at risk for future Mirai-influenced attacks

 
Dubai, United Arab Emirates - October 23, 2019:    New research from F5 Labs shows that the spread of Thingbots continues unabated and that they are being developed by everyone from children to sophisticated nation states.
 
The sixth volume of The Hunt for IoT1 report notes that 26 Thingbots2, which can be co-opted by hackers to become part of a botnet of networked things, were discovered and/or reported on between October 2018 and January 2019. Six were discovered in the entirety of 2017 and nine in 2016. 
“The number of IoT threats will continue to rise until customers demand more secure development strategies for manufacturing devices,” said Sara Boddy, F5 Labs Research Director.  


“Unfortunately, the process hasn’t yet begun. It will be several years before we see a noticeable impact from new, secure IoT devices reducing the threat surface. At the same time, everyone from script kiddies to nation-states will continue to compromise IoT devices.”
When F5 Labs tested IoT devices used in mission critical deployments, such as providing internet service to emergency fleets, 62% of were deemed vulnerable. Theoretically, critical systems would be secured better than a non-critical system. 


According to Gartner, there will be more than 20 billion IoT devices in circulation by next year3. Extrapolating F5 Labs’ 62% figure means a threat surface of at least 12 billion IoT devices that could be compromised and used for attacks. 


Meanwhile, analysis from DBS Bank indicates that 100% market adoption will take place in the next ten years4. 2019 is seen as the tipping point between first adopters and the early majority, where sales and deployment of IoT devices take off at an exponential rate.


Mirai’s enduring legacy and Europe in the firing-line 


Mirai – the most powerful Thingbot yet to have launched an attack – still casts a long and influential shadow, partly due to a distributed scanning model that enable self-reproduction. 


Europe has been the most vulnerable to future attacks since June 2017, with data from F5 Labs partner Baffin Bay Networks indicating the region has more Mirai scanners – compromised IoT devices seeking to spread infection – than anywhere else in the world5.


Not only is the threat of the original Mirai bot still powerfully present, but there are also a multitude of offshoots to consider.


88% of all known Thingbots have been discovered post-Mirai launch, largely driven by publicity and its source code availability.  46% of those new discoveries are Mirai variants, many of which are capable of much more than launching DDoS attacks, including deploying proxy servers, mining crypto-currencies and installing other bots. Other key Hunt for IoT report observations included:


•         Device types. Small office/home office (SOHO) routers, IP cameras, DVR, NVR, and CCTVs remain the primary IoT device type compromised by Thingbots. Infections are considered use-case based rather than attackers targeting IoT devices for specific attack purposes. The sheer volume of publicly accessible devices means they will always stay in attacker’s crosshairs. They are also a target of researchers looking for IoT vulnerabilities, which are often subsequently exploited by bad actors controlling botnets. 


•         Shifting attack methods. Thingbots are increasingly targeting IoT devices using HTTP, and publicly exposed UPnP, HNAP and SSH (services that should not be exposed publicly). A full 30% of the new thingbot discoveries target IoT devices through Common Vulnerabilities and Exposures (CVE).


•         Cheap attacks and endless possibilities. Once malware is installed on an IoT device, the bot will contact the C&C server and download its orders (DDos attacks in most cases). In addition, these Thingbots are deploying proxy servers to use for launching attacks, collecting information from traffic traversing devices, encrypting traffic, mining cryptocurrencies, and launching web application attacks. Notably, the sale of botnet services has moved from the shadows of darkweb forums to mainstream platforms like Instagram, a move in line with the rise of “script-kiddie gamer” personas building and selling IoT botnets. Subscription plans for botnet services go for as little as $5 a month.


•         Lack of detail. Details are missing for many newly discovered Thingbots. The good news is that the security community is discovering bots before they attack. In the past, the majority of Thingbots were discovered through investigating attack traffic, uncovering the bot as well as attack types and infected devices. The fact that we’re discovering bots before they launch is a positive. However, the security community is still several steps behind attackers due to laws prohibiting unauthorized access to a system. To truly understand attacker behaviour, we need to get on the devices they infect. Legislation has been proposed in the US for ethical researchers to get a “hall pass,”. However, there are still instances of ethical researchers getting charged with computer intrusion crimes.
“Waiting on IoT manufacturers to offer secure products or trusting implementers to effectively deploy security controls on IoT devices is a waste of time. Why think IoT would be any different than standard IT, which already struggles? Businesses getting hit by IoT bot attacks must buckle up and defend themselves,” added Boddy.


“Start with the most common attacks launched by Thingbots: DDoS and web application attacks. For DDoS attacks, a cloud scrubbing provider is the way to go, mainly because attack sizes beyond the capacity of most networks – outside service providers and large banks – only cost $20 to launch. Then there’s web application attacks, which now require web application firewalls with behaviour-based bot detection and traffic blocking. Never cut corners with your IoT homework. Don’t buy products with known vulnerabilities, obvious exploit histories or substandard security mechanisms. Always quarantine or retire any devices that cannot be secured.”

 


Posted by : Dubai PR Network Editorial Team
Viewed 1257 times
PR Category : Banking & Investments
Posted on : Wednesday, October 23, 2019  2:18:00 PM UAE local time (GMT+4)
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of DubaiPRNetwork.com.
Previous Story : The medical aesthetics market is anticipated to reach US$26...
Next Story : Women in Leadership (WIL) Economic Forum Partners with WOW (...
Email this article Print this article

Share this article with your friends and followers
NewsVine
Back to Section Home

Related Stories



 
 
Most Viewed Press Release posted in the last 7 days
Holiday Hair-Styling Essentials from VIERRO [12157-Views]
Luxe Beauty Gifts for your Loved Ones this Festive Season [12041-Views]
'Tis the Season to Be Glamorous - Beauty Essentials from GlamBeaute.com! [11980-Views]
Your Holiday Gift Guide for Her [11517-Views]
Chloé's Iconic “Carlina” Sunglasses In a Precious New Interpretation [11444-Views]
Homegrown Jewellery Brand Sumaya Bakkar Collections Curated Festive Gift List [11224-Views]
New year, New You with Lunette [10053-Views]
Uncovering the Beauty of Mechanics' [10022-Views]
Weather-proof your hair with HASK [9486-Views]
Free gold coins at Malabar Gold & Diamonds Festival. [9156-Views]
Eberhard & Co. and the new “Quadrifoglio Verde” chronograph, dedicated to the prestigious... [8699-Views]
The Real Secret to 10 Years Younger: Argan Face Oil [8266-Views]
OMEGA Celebrates The New James Bond Watch in New York [8259-Views]
Retrograde Fusion' [7344-Views]
Mouawad and the Miss Universe Organization Unveil the Miss Universe Power of Unity Crown, ... [5844-Views]
Berkan Steakhouse Launches in Dubai [5551-Views]
Cole Haan Makes Its Debut at Sole Dxb 2019 Showcasing Footwear Collaborations [4435-Views]
Dubai Festival City Mall Visitors In for A Jolly Festive Season Like No Other in Dubai [4435-Views]
NYU Abu Dhabi Class of 2017 graduate Alioune Fall named as 2021 Schwarzman Scholar [4227-Views]
Emotional and highly dynamic: the design of the MINI John Cooper Works GP. [4197-Views]
Dubai Cares' Volunteers bring hope to children in remote village in Senegal [4172-Views]
Customs World inks MoU with Indonesia to roll out World Logistics Passport [3947-Views]
Best Menswear Items [3934-Views]
Statement Cardigans [3867-Views]
DP World joins forces with Dubai Cares in giving a new facelift to Umm Al Qura School in U... [3812-Views]
 
RSS Facebook Twitter LinkedDin
 
Top Sections
 
Top Stories