IoT Botnet Torii: Protect Your Organisation from Credential Exploits

Mirai, the first IoT botnet which was discovered in 2016 took down popular websites and services including Twitter, Airbnb and Netflix. Since then we were introduced to more advanced versions of Mirai like Persirai, Reaper, Satori and Okiru.

While the core of these malware flavors is to exploit weak credentials, the sophistication of these IoT botnets is increasing with aggressive features. E.g. Persirai could steal the password file from an IP Camera regardless of password strength. Reaper, from the same family, even more aggressive is believed to be behind the IoTroop botnet targeting financial institutions.

Recently we came across Torii, highly persistent with a richer set of features that can even exfiltrate sensitive data. Torii can infect a large range of devices with its modular architecture and multiple layers of encrypted communication.

Where is the problem?

No matter how sophisticated these botnets are, the common denominator for these exploits is weak credentials. So far, we have been worried about DDoS and its impacts. Torii has advanced features which allow it to exfiltrate sensitive data, taking the impact of an IoT botnet to higher level, with potent safety and compliance issues. IoT use cases are about data. If the device identity/authentication is vulnerable, the data can’t be trusted. This will be a big impediment for IoT adoption.

What can we do to prevent it happening?

Recent challenges with IoT botnets have grabbed the attention of Government organizations as they could introduce social and economic issues beyond security. UK Government published a report earlier this year called “Secure by Design” which outlines 13 sections within the report’s proposed code of practice. The first three sections carry a higher priority as they aim to address the core problems in IoT devices: weak credentials and known vulnerabilities.

Role of IoT IAM

• Traditional IT Security methods of applying human identity models to devices and MFA (Multi Factor Authentication) don’t work for many headless devices including IoT, because of unique device characteristics and scale.
• IoT IAM is emerging as an important capability to help strong Device Identity, Authentication and Automation for scale.
• The industry experts and analysts have been providing guidance on this functionality
• IoT IAM is substantially different from Traditional IAM, Traditional IAM is not suitable for IoT.

Device Authority KeyScaler

Device Authority KeyScaler is the first device centric IoT IAM platform to deliver the Trust and Automaton. This platform has all the features to address the IoT Botnets.

• Automated Password Management – Patented technology-based solution that can withstand to any type of botnet
• Automated PKI – PKI is the proven device identity model
• Secure Soft Storage – Protect the secrets with or without HW support
• Policy based end-to-end data security/privacy with unique patented technology for crypto operations

Please contact us for additional details.