It is no secret the Internet of Things (IoT) has great benefits, but, likewise, it is no secret it is a security nightmare.
That just plays out even stronger when over 90 percent of IT security professionals said connected devices will be a major security issue this year, new research said.
On top of that, 66 percent of respondents said they are not sure how many devices are in their environment, according to research from Pwnie Express.
IT pros understand the dangers, but they do not have the necessary solutions to address these new threats against something like the IoT Mirai malware.
“Historically, IT security has not worried about what they don’t own or control. The Mirai attack points out that there are devices associated with your network or around your network that challenge IT security processionals in new ways,” said Paul Paget, chief executive of Pwnie Express. “Non-traditional IT, that may be controlled by a vendor or another organization, now has to be taken into consideration. This wasn’t always part of security’s mission, but Mirai has changed everything. These pros need reinforcements now more than ever as the number of security challenges surrounding enterprises continues to skyrocket.”
Mirai was a Trojan designed to infect IoT devices and use these devices to build botnets and launch DDoS attacks.
Mirai made headlines globally and 84 percent of those surveyed admitted the attack changed their perception about threats from IoT devices. Yet, over 65 percent said they either haven’t checked or don’t know how to check their connected devices for Mirai.
With Mirai and its inspired offshoots in the wild, attackers see the potential to use vulnerable connected devices for nefarious large-scale purposes and to target and compromise specific networks and companies.
The “Internet of Evil Things” report found a common point-of-view among 868 IT security professionals polled –IoT is introducing significant risk to companies today, but security programs are not keeping pace.
Key report findings include:
• One in five of the survey respondents said their IoT devices ended up hit with ransomware attacks last year.
• 16 percent of respondents said they experienced Man-in-the-middle attacks through IoT devices.
• Devices continue to lend themselves to problematic configurations. The default network from common routers “linksys” and “Netgear” were two of the top 10 most common “open default” wireless SSID’s (named networks), and the hotspot network built-in for the configuration and setup of HP printers – “hpsetup”- is #2.
In addition, survey respondents shared their top device threat concerns for 2017:
• Misconfigured healthcare, security, and IoT devices will provide another route for ransomware and malware to cause harm and affect organizations.
• Unresolved vulnerabilities or the misconfiguration of popular connected devices, spurred by the vulnerabilities publicized by botnets, including Mirai and newer, “improved” versions, in the hands of rogue actors will compromise the security of organizations purchasing these devices.
• Mobile phones will be the attack vector of the future, becoming an extra attack surface and another mode of rogue access points taking advantage of unencrypted Netgear, AT&T, and hpsetup wireless networks to set up man-in-the-middle attacks.
More than half (54 percent) of respondents said their companies would pay more for an IoT product that comes with extra or updated security provisions.
“We see innovators moving in the right direction across a range of industries — these devices are in a wide range of businesses across industries including financial services, hospitality, retail, manufacturing, professional services, technology, healthcare, energy and more,” Paget said. “The change agents are finding the funds to expose and address the device threats introduced by IoT and BYOD.”