• Skip to content
  • Skip to primary sidebar
  • Skip to footer

Cerulean is content for small business

We help Small Business and Entrepreneurs

Main navigation

  • Home
  • What We Do
  • Who We Are
  • Blog
  • Contact
You are here: Home / Scam, Hacks & Cybersecurity / How a hacked IoT Device Can Put Your Network Security at Risk

How a hacked IoT Device Can Put Your Network Security at Risk

Network security remains America’s greatest threat, according to a 2016 report by James R. Clapper, Director of National Intelligence, to the Senate Select Committee on Intelligence. Topping the list is the growing threat of the Internet of Things.

Predictions claim there will be a total of 24 billion IoT devices by 2020. These devices are attractive to attackers because many are shipped with insecure defaults, including default administrative credentials, open access to management systems via Internet-facing interfaces, and shipping with insecure, remotely exploitable code. To make matters worse, embedded systems are rarely if ever updated in order to patch against security vulnerabilities – in fact, many vendors of these devices do not provide security updates at all. Internet of Things products—including IP connected security systems, connected climate control and energy meters, smart video conferencing systems, connected printers, VoIP phones, and even smart light bulbs—pose a security risk for the companies using them.

How does a hacked IoT device affect the Enterprise? The risk is not so much that an individual device is compromised, but that it provides a gateway to the network—often called “stepping stone” attacks. Once in, IoT botnets can launch DDoS attacks, send spam, engage in man-in-the-middle (MitM) credentials hijacking, and leverage DDoS extortion. Last year there were several historically large DDOS attacks, the most well-known being Dyn, the internet service provider for companies including Twitter, SoundCloud, Spotify, Reddit and a host of others. The DDoS attack on Dyn was made possible when attackers used the “Mirai” malware to capture internet of things (IoT) devices and funnel them into botnet armies that attackers used to send massive amounts of traffic to targeted servers. The IoT devices used in the attacks were primarily internet-connected cameras, but also included routers and internet-connected printers.

Brian Krebs (KrebsonSecurity) reported that the devices were “deployed with standard default user names and passwords, which users had not changed. Even if users deployed the IoT device behind routers, which should have made them unreachable from the internet, the devices use a technology known as universal plug and play (UPnP), which automatically opens ports to enable reaching the devices from the internet.”

The best defense is offense

The IoT has changed many things, but from a security perspective, it is the same challenge as dealing with any other security risk. It requires a programmatic approach. To avoid IoT vulnerabilities, IT departments need to know what is connected to their internal environment. Organizations can defend against DDoS attacks by implementing best practices for DDoS defense, including real-time DDoS mitigation, securing their network infrastructure, ensuring they have visibility into all traffic coming and going from their networks, and ensuring they have sufficient DDoS mitigation capabilities — either on-premise or via cloud-based DDoS mitigation services.

The best defense is offense

The IoT has changed many things, but from a security perspective, it is the same challenge as dealing with any other security risk. It requires a programmatic approach. To avoid IoT vulnerabilities, IT departments need to know what is connected to their internal environment. Organizations can defend against DDoS attacks by implementing best practices for DDoS defense, including real-time DDoS mitigation, securing their network infrastructure, ensuring they have visibility into all traffic coming and going from their networks, and ensuring they have sufficient DDoS mitigation capabilities — either on-premise or via cloud-based DDoS mitigation services.

Need to assess your security and cloud options? I know the people. Contact me.

About Debbi Lynn

Debbi Lynn

I've been in marketing for 25+ years. It's harder now because there are so many options that occupy our time. It's a full time job just to keep up with changes in the digital workplace. My goal is to make it easier for you to be more successful without wasting time.

Sign up for the newsletter and receive early bird access to special offers and resources that will help you discover better ways to create, market and sell your services.

Primary Sidebar

Categories

  • The Summer Days of Marketing Are Over
  • Why You Are Not Getting The Job You Want
  • What About Data Security When Working With Virtual Assistants?
  • Hiring RemotelyOver Half of Companies in Latin America are Now Hiring Remotely
  • Let Your Virtual Assistant Manage Your Social Media
  • The Best Small Business Applications
  • Beware RansomwareRansomware. What You Need To Know.
  • You Know Your Product, But Can You Write About It?
  • Is the Cloud Right for Your Organization
  • Rogue Wireless –The Growing Threat to Your Organization
  • Disaster Recovery & Business Continuity
  • Virtualization is Redefining Business: Healthcare
  • BYOD: Mobile Workforce – Risk or Reward?

Footer

Contact Us

Cerulean Group
San Jose CA
Contact

About Us

Cerulean is a digital content production and management service. We focus on content production, websites and design. Our parent company is Bowie and Fox (bowiefox.com), a publishing company.
Learn More

Follow Us

  • Facebook
  • Linkedin

Terms and Conditions
Privacy Policy
Non Discrimination Policy

Copyright © 2014-2019 · Cerulean Group