A new worm that targets embedded devices started to spread during the holiday season. The Zollard worm, which targets various devices running on Linux, has brought to light the numerous security vulnerabilities Internet of Things (IoT) endpoints pose for corporate networks.
Researchers at Symantec discovered the worm just before Thanksgiving and said “it appears to be engineered to target the Internet of Things.” It works by leveraging a PHP vulnerability that was patched in May 2012, and attacks unpatched devices, such as Linux-based home routers, set-top boxes, security cameras and more. The worm generates IP addresses randomly, sends out HTTP POST requests and then spreads itself.
As Joerg Hirschmann, CTO of NCP, mentioned in a recent InformationSecurityBuzz article, “with more devices requiring secure communications between not just end users, but other devices, enterprises need to start preparing for every device to become a potential attack vector.”
The worm clearly presents a looming threat, especially considering it is built to attack IoT devices, such as those listed above, that are rarely, if ever, patched. Enterprises have a wide range of seemingly innocuous IoT devices connected to their corporate networks, including conference-room devices and printers, which can be single-purpose, but are built on a Linux platform with network connectivity that hackers can breach.
Spencer McIntyre, security researcher for SecureState, said, “They’re small enough that a lot of administrators forget they’re there and forget to patch them, change default passwords, and things like that. But they’re running software that is well-known enough to contain vulnerabilities that can be leveraged by attackers.”
Enterprises can protect themselves by ensuring that all devices accessing their network have up-to-date firmware and by implementing network security technologies, such as intrusion prevention systems (IPS), firewalls and VPNs, within a defense-in-depth framework to minimize potential attack vectors. Although VPNs are commonly associated with securing communications with corporate networks and the Internet, they are also often implemented on devices to safeguard machine-to-machine (M2M) communications and more innovative forms of connectivity. By leveraging a VPN, end devices communicate through a secure encrypted tunnel, which makes it much more difficult for an attacker to access an IoT device and breach a network.
With Gartner predicting that the number of IoT devices will rise exponentially over the next few years and top 26 billion by 2020, now is the ideal time for enterprises to improve the security of their networks.