Application security, Application security, Threat Management, Security Strategy, Plan, Budget

SANS calls for admins to secure IoT devices as manufacturers drag feet

With the timer set for a potential wave of high powered IoT-botnet fueled DDoS attacks triggered by the release of the Mirai source code, SANS Institute researchers are calling on system administrators to do their part in securing connected devices as they feel manufacturers have dragged their feet to address the issue.

More than two years ago, the SANS researchers approached DVR manufacturers about an attack which exploited a telnet server with a trivial default password and approached the manufacturer about the issue, according to an Oct. 10 blog post.  

While some manufactures released updates, some did not, so there are still plenty of unpatched devices connected to the internet which resulted in an estimated 100,000 or so botnets launching attacks that exceed one Terabyte per second, the post said.

Researchers suggested that administrators consider running the latest version of Cowrie on a honeypot to help researchers monitor password attempts and pattern shifts, as well inform others to ensure their connected devices are secure.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.