malware
Malware Abstract Background

By Peter Buttler

2016 has been a busy year for advanced cyber-attacks including social engineering, ransomware, and malware, especially ‘Mirai’ which has been the most notorious after its source code leak.

In September, the hosting provider OVH experienced a record-breaking 1 Tbps bad traffic* from more than six thousand internet-connected IoT devices powered by Mirai malware. Soon after, in October, Dyn reported a Mirai powered malware attack on its DNS infrastructure which shut down popular websites including Twitter, CNN, Netflix, Sound Cloud, GitHub, and few others.

Since its source code leak, more advanced variants are expected to come into sight.

Keeper Security researched the state of cyber security in Small and Medium-Sized Businesses in Q2’2016. They found the web-based attacks, phishing attacks, and malware attacks to be the most common ones.

figure1

Figure 1 KeeperSecurity –  What types of attacks did your business experience?

48 percent responded that their businesses experienced the web-based attacks, 43 percent responded to Phishing attacks, and 35 percent responded to general malware as the most common cyber-attacks. Moreover, 48 percent respondents said they experienced such attacks because of negligent employee or contractor.

figure2

Figure 2 KeeperSecurity – What were the root causes of the data breaches your business experienced?

 

 Other Key Findings:

  • 50 percent of SMBs experienced numerous breaches in past 12 months.
  • 59 percent of SMBs are not aware of employee password practices and hygiene.
  • 65 percent of SMBs does not strictly follow its password policies.
  • Only 14 percent SMBs represented their ability to mitigate cyber risks effectively.

Malware, in question. Since the integration of IoT devices has rapidly in organizations. Securing Internet-connected devices from such attacks not only helps in protecting the device itself but it provides your business:

  • Success in data delivery.
  • Security of brand reputation.
  • IP blacklisting prevention.
  • Cost reduction from potential malicious damages.

By following a few best practices and policies in your organizations not only prevents against malware infecting IoT devices in business premises but also protects against web-based attacks.

Change and Setup Unique Passwords

As the report suggests, SMBs does not have the technical knowledge; as the bare minimum, companies should adopt a policy of changing the default passwords on internet connected to network infrastructures such as VPN, computers, BSYOD, and IoT devices. Many IoT devices manufacturers offer remote password changing capability which companies can opt.

Device Protection

The SMBs should consider implementing some intrusion detection systems, Client firewalls, anti-virus solutions, Business VPN, or other secure network gateways. Only forty-four percent thought anti-denial of service as necessary. However, DDoS attack has increasingly become severe and frequent after Mirai malware source code leak.

The company should regularly analyze it security and policies of internet connected devices. Leaving the device unsupported and outdated raises the risk of being compromised.

Use HTTPs Interface Where Possible

Beginning from 2017, Google will drop support for HTTP connections and move towards the more secure web. HTTPs provides security and network traffic encryption for safe web browsing over the internet.

If computer manages your company’s IoT network infrastructure, then you should make a policy of using HTTPs over the internet wherever possible or install plugins such as ‘HTTPs Everywhere’ from EFF.

Shut Down IoT Devices When Not In Use

If the company’s IoT devices offer other communication (SSH, Telnet, other) protocols that are idle and offer the ability to be turned off, then disable them. Disabling the ports from listening mode removes the risks of potential exploits.

Utilizing these three basic practices the company can significantly reduce potential cyber attackers from using company’s IoT embedded devices to compromise company’s network and other people.

Peter Buttler is a professional security expert and lecturer. He serves as a digital content editor for various security organizations. While writing he likes to emphasize on recent security trends and some other technology stuff. You can follow him on Twitter.

*Tbps = tera bits per second (or tera bytes per second). 1 tbps of bad traffic means incoming internet traffic to a website from compromised devices for attack.