By now you've heard the FBI's plea that we should all reboot our routers. It's happening because a hacker group in Russia created malware that can harvest log-in credentials or even brick the device. The affected Internet of Things (IoT) devices include small and home office (SOHO) routers and some network-attached storage (NAS) devices, and it turns out the list also covers a line of enterprise and cloud routers produced by the European company MikroTik. That list may grow as our knowledge of this malware increases.
While the malware's command-and-control infrastructure has been effectively disabled by the FBI, at least for now, the threat remains: the hackers may have recorded the IP addresses of the infected routers, and they may be able to use that information to reinfect them. Sure, they're probably interested in personal financial information and log-in credentials, especially for banks and credit card companies, but many people also use their home routers to at least occasionally telecommute. That means these same hackers could also be collecting a swath of your company's network credentials. To help, the FBI is urging folks to reboot those devices, and going one step further, a reset to factory defaults, removes the persistent first stage of the malware that a plain reboot leaves behind.
That's okay, but a better move would be to (a) reset the router and then (b) check your router manufacturer's support website for news that they've updated the router's firmware. Once they do, update your router's firmware immediately. While you're in the admin console, change the default password and turn off remote management from the WAN side, both of which the FBI's advisory also recommends. And if the manufacturer never ships a fix, drop the $100 and switch to a router from a manufacturer that cares.
However, even if your users follow those directions at home, SOHO routers are only one example of a rapidly growing trend, namely that of consumer devices posing a threat to corporate networks even though they're located outside of that network's perimeter. Bottom line: Even well before it's reached its full growth potential, the lower end of IoT devices has become a threat—one that's only going to get worse.
That trend certainly doesn't begin or end with home routers, and it also doesn't end with the Amazon Echo, which has recently been shown to start recording whenever it thinks it hears its wake word, "Alexa," just in case what follows is a command. So far, there's one reported case in which Alexa sent a private conversation to another party on a contact list. Depending on what's being discussed when the Amazon Echo starts recording, that could be big trouble if someone hijacked the device and started routing conversations with deliberate malice, albeit a different kind of trouble compared to a malware-laden router.
Sadly, the list goes on. In 2016 it was malware-infected IP cameras and video recorders, installed by the millions worldwide, that were herded into the Mirai botnet and used to launch a distributed denial-of-service (DDoS) attack on the website of security journalist Brian Krebs. Many of those cameras were used as security cameras in companies because they're inexpensive, provide good quality video, and work on Wi-Fi. Unfortunately, they had little or no security: the malware got in by simply trying a short list of default telnet passwords.
How to Safeguard Your Devices
Despite the attention the FBI warning has drawn, the most common IoT threat today is probably cryptojacking, in which compromised devices are put to work mining cryptocurrency. Even though each device can only do a little work, millions of them can earn the bad guys a lot of money. In addition, because the devices weren't designed for the kind of duty cycles that currency mining demands, they can fail earlier because of overheating.
Unfortunately, malware on these devices is nearly impossible to detect directly: there is no agent to install and usually no way to inspect the firmware, so you have to watch the network instead. The best defense is to keep such devices off the internet entirely; where that isn't possible, here are six steps you can take:
- Set your routers or firewalls to deny the device's IP address (better, the whole VLAN the devices sit on) any access beyond the local network, with explicit exceptions only for destinations the device genuinely needs, such as the vendor's update server. This will prevent any malware that gets in from phoning home for instructions or for more malware.
- While you're at it, deny inbound access to those devices. Not only does your IP camera not need to be reachable from the internet, its exposed web and telnet interfaces are a security threat in more ways than just hosting malware.
- For IoT devices that have a legitimate need to send traffic outside the network, set your firewall to log those connections. You will also need to log (if you can) details about the traffic, such as byte counts, timing, and destination ports. Some types of malware traffic have recognizable patterns: a cryptocurrency miner holds a long-lived connection to its pool and exchanges small messages at a steady rate, and command-and-control beacons tend to check in at fixed intervals with near-identical message sizes.
- Invest in security software designed to spot malware traffic. One new package that's recently been introduced is Jask, an autonomous security operations platform which uses artificial intelligence (AI) and machine learning (ML) to spot malware and other security events in what otherwise might appear to be routine network traffic.
- Remember that not all IoT malware is necessarily aimed outside your network. It may be designed to harvest log-in credentials or intellectual property from inside your enterprise. To combat this, consider reexamining your network's perimeter defenses and adopting more advanced measures, such as network segmentation or virtual networks, internal firewalls, multifactor authentication (MFA) and identity management, or even separate networks to keep certain devices from accessing the rest of the network.
- Also, keep an eye out for rogue Wi-Fi routers and access points inside your corporate network. These devices are frequently installed by employees who want something—usually wireless access—that they can't get from the IT shop. Since these are usually installed by people with no security training, they also wind up becoming significant threats to your network. Fortunately, enterprise-grade Wi-Fi controllers and infrastructure management tools can usually spot these devices.
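The first three steps above amount to a policy (nothing on the IoT segment talks to the outside world except an allow list) plus a detection (connections that recur at a steady interval with near-constant size). The following Python is an added example, not code from the article or from any product it mentions; it runs both checks over a constructed flow log. The IoT VLAN, the internal address ranges, the allow-listed vendor host, the log format, and the thresholds are all assumptions you would replace with your own.

```python
"""Egress-policy and beaconing checks over firewall flow records.

Added example, not from the original article. Input is a constructed
flow-log format, one outbound connection per line:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <bytes_sent>
Adjust parse_flows() to whatever your firewall actually exports.
"""
import ipaddress
import statistics
from collections import defaultdict

# Assumed addressing: IoT devices live on their own VLAN, and these are the
# organisation's internal ranges (anything else is "the outside world").
IOT_NET = ipaddress.ip_network("192.168.50.0/24")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The only external destination an IoT device may reach (assumed: the
# vendor's firmware/NTP host). Anything else from IOT_NET is a violation.
EGRESS_ALLOW = {"203.0.113.10"}

# Constructed sample: a camera on the IoT VLAN talking to an outside host
# every 60 s with ~120-byte messages (mining-pool / C2 style), plus benign
# traffic from the camera and from a laptop on the user VLAN.
SAMPLE_LOG = "\n".join(
    [f"{1000 + 60 * i} 192.168.50.20 198.51.100.7 3333 {120 + (i % 3) - 1}"
     for i in range(8)]
    + ["1010 192.168.50.20 192.168.50.1 53 64",      # DNS to the local router
       "1020 192.168.50.20 203.0.113.10 443 800",   # allow-listed vendor host
       "1000 192.168.10.5 93.184.216.34 443 4000",  # laptop browsing
       "1037 192.168.10.5 93.184.216.34 443 512",
       "1120 192.168.10.5 93.184.216.34 443 15000",
       "1131 192.168.10.5 93.184.216.34 443 300",
       "1400 192.168.10.5 93.184.216.34 443 900",
       "1410 192.168.10.5 93.184.216.34 443 2200",
       "1700 192.168.10.5 93.184.216.34 443 60"])


def parse_flows(text):
    """Parse the constructed log format into a list of flow dicts."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport, nbytes = line.split()
        flows.append({"ts": int(ts),
                      "src": ipaddress.ip_address(src),
                      "dst": ipaddress.ip_address(dst),
                      "dport": int(dport),
                      "bytes": int(nbytes)})
    return flows


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def policy_violations(flows):
    """Step 1: IoT hosts that reached a non-internal, non-allow-listed
    address. Returns sorted (src, dst, dport) tuples."""
    bad = set()
    for f in flows:
        if (f["src"] in IOT_NET and not is_internal(f["dst"])
                and str(f["dst"]) not in EGRESS_ALLOW):
            bad.add((str(f["src"]), str(f["dst"]), f["dport"]))
    return sorted(bad)


def beacons(flows, min_flows=6, max_cv=0.15):
    """Step 3: connections that recur at a near-constant interval with
    near-constant size. The coefficient of variation (stdev / mean) of
    both the inter-arrival gaps and the byte counts must be <= max_cv."""
    groups = defaultdict(list)
    for f in flows:
        groups[(str(f["src"]), str(f["dst"]), f["dport"])].append(f)
    found = []
    for key, fs in groups.items():
        if len(fs) < min_flows:
            continue
        fs.sort(key=lambda f: f["ts"])
        gaps = [b["ts"] - a["ts"] for a, b in zip(fs, fs[1:])]
        sizes = [f["bytes"] for f in fs]
        if statistics.mean(gaps) == 0 or statistics.mean(sizes) == 0:
            continue  # a burst or empty flows, not a beacon
        gap_cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        size_cv = statistics.pstdev(sizes) / statistics.mean(sizes)
        if gap_cv <= max_cv and size_cv <= max_cv:
            found.append({"flow": key, "count": len(fs),
                          "period_s": round(statistics.mean(gaps)),
                          "avg_bytes": round(statistics.mean(sizes))})
    return found


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for v in policy_violations(flows):
        print("egress policy violation:", v)
    for b in beacons(flows):
        print("beacon-like flow:", b)
```

On the sample, the camera's connections to 198.51.100.7:3333 show up both as a policy violation and as a 60-second beacon, while the laptop's irregular browsing and the camera's allow-listed vendor contact do not. Note that a legitimate NTP or heartbeat client also beacons, which is why the allow list from step 1 and the beacon check from step 3 belong together: anything that beacons to an address you did not explicitly permit is what deserves a look. Tune `min_flows` and `max_cv` against your own baseline before alerting on them.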
Remain Vigilant About Security
The primary reason for this level of vigilance is to protect your network from intrusion but there are other reasons. For example, if your consumer IoT device is used in an attack and the victim is able to trace it to you, then your organization's liability could be significant. Also, consider making home routers part of your security policy for workers designated as road warriors or telecommuters, or basically anyone who requests legitimate remote access credentials.
Often, IT doesn't place any restrictions on home network equipment because they don't need the support headaches. However, as IoT becomes an ever greater threat, that may have to change. Testing and settling on one or two approved home routers for your employees that you know will work with your remote access infrastructure, designated cloud services, and local home internet service providers can go a long way towards protecting the core of your corporate network while still keeping those support requirements to a minimum.
The fact is, consumer devices and other IoT netizens are probably here to stay, at least as occasional touchpoints to everyday business networks. The good news is they can provide some really useful capabilities. The bad news is they can also present a huge risk if you don't keep an eye on them.