Security News
To prevent devices being used as attack vectors, the first step to IoT protection, when connected onto the network, must start with DNS: using Domain Name System infrastructures and DNS security capabilities to protect data and ensure IoT devices are only allowed access to relevant services. Whilst IoT devices will always have security vulnerabilities, by incorporating a secure approach which makes use of DNS technology, businesses and service providers can be confident they are best protecting their data and access to their IT infrastructure.
The smart home could be ripe for IoT device attacks as cybercriminals rake in record ransomware payments. Remote work may be responsible for the increase in attacks, Kaspersky says.
The report finds a growing interest in using the IoT in several ways, such as improving the efficiency of the supply chain, running shop floor equipment, and powering autonomous vehicles. "Most large enterprises, having chosen their IoT platforms by now, are interested in scaling their IoT initiatives globally."
What about your Internet of Things devices? A new survey from password manager NordPass reveals that many IoT devices are saddled with their default passwords, making them an open target for cybercriminals. In a survey of 7,000 people across Australia, Canada, France, Germany, the Netherlands, the UK and the United States, NordPass found that only 33% of users changed the default passwords on their IoT devices.
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks - up from 639 million during the previous half year, which is more than twice the volume.
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. "Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.
A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research. Warning that the vuln had been included in Dark.IoT's botnet "Less than a week" after it was publicly disclosed, Radware said: "This vulnerability was recently disclosed by IoT Inspectors Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK.".
Driven by increased adoption of smart sensors integrated into connected devices, the Internet of Things market segment is projected to reach $1.5 trillion by 2027. While IoT devices have the opportunity to revolutionize the way people work, live and play, insufficient implementation of embedded security has the potential to derail these benefits.
Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. CVE-2021-35394 - Multiple buffer overflow vulnerabilities and an arbitrary command injection vulnerability in 'UDPServer' MP tool.
Mozi, a peer-to-peer botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT said in a technical write-up.