Back in October 2016 we experienced the Mirai botnet malware, which exploited weak credentials, particularly passwords, usually by guessing the default passwords that manufacturers ship devices with. The solution? Easy, just update your password!
After Mirai, we were introduced to Persirai, a more advanced version of Mirai, which likely evolved because the Mirai code was made public. Persirai is more aggressive: it exploits a zero-day vulnerability to steal the password file from an IP camera regardless of password strength.
More recently, Reaper, another flavour from the same family but a lot more vicious than its predecessors, has infected more than a million devices and counting.
We now have Satori (a Japanese Buddhist term for awakening): same family, zero-day powers, and 280,000 devices infected in 12 hours, including home routers. Experts say Satori can proliferate rapidly, making it an IoT worm. If it continues it will be massive, and security researchers fear it can launch disastrous attacks at any time.
To keep your IoT devices from falling victim to malware and causing disruption to your business and beyond, organizations need to deploy strong security that focuses on weak credentials and software vulnerabilities. It’s important to change passwords regularly, and also to ensure they are encrypted. To address Reaper and Satori now, we need secure software and firmware patch updates as soon as they become available.
KeyScaler provides superior protection from weak credentials and vulnerabilities through its automated password management and secure over-the-air (OTA) solution, which:
- Encrypts the passwords at rest
- Rotates passwords frequently
- Provides trusted, secure software updates
KeyScaler provides protection for enterprise devices and applications with automated PKI certificate lifecycle management. Device Authority is working with ecosystem partner Comodo to address IoT botnet issues from the first stage in the IoT device journey: the manufacturing of the device.
Are you a device manufacturer who would like to offer their customers superior products built with robust security?
Are you worried about the financial and brand damage of an IoT botnet recruiting your devices?