IoT Devices Turned Bad Bots by New Mirai Variant
Palo Alto Networks’ Unit 42 has found new malicious activity targeting IoT devices using a variant of Mirai dubbed IZ1H9, a piece of malware that turns IoT devices running Linux into remotely controlled bots that can be used in network attacks. Here’s the kicker: the devices have to be exposed to the Internet to be at risk.
Stephen Gates, Principal Security SME at Horizon3.ai, had this to say:
“It’s hard to believe that sensible organizations are leaving ports 80 (HTTP), 22 (SSH), and 23 (TELNET) open on devices that are public facing. In fact, I would never leave one of those ports open on any device – even if they were completely not accessible from the internet. When organizations leave them accessible, they are directly contributing to the botnet problem.
“The practice of leaving these ports open right off the assembly line is especially prominent in IoT device manufacturers, and in my modest opinion, is utter negligence. And once again, I call for some sort of international governing body to hold these IoT manufacturers responsible for their devices becoming botnet infected, then used to attack others. It appears that some sort of penalty is the only way to get manufacturers to shore up security on the devices they make and sell to others.”
I have to admit that I see this sort of thing all the time, and I have to educate them as to why this is bad. It’s bad enough that threat actors are trying to find new and creative ways to make your life miserable. You should not leave the front door open for them.
This entry was posted on May 30, 2023 at 1:53 pm and is filed under Commentary.