Security programs not keeping up with IoT threats

More than 90 percent of IT security professionals said that connected devices will be a major security issue this year. However, 66% aren’t sure how many devices are in their environment, according to new research from Pwnie Express.

IT pros understand the dangers facing their companies, but don’t have the necessary solutions to address these new threats, including IoT malware, like Mirai.

“Mirai demonstrated what the right malware could do if unleashed onto poorly configured or inadequately secured devices,” said Paul Paget, Pwnie Express CEO. “When you consider the exploding number of connected devices, many with poorly configured or no security and the fact that security teams can’t see these devices, it becomes clear that security programs need to shift spending to adapt more quickly.”

Mirai made headlines globally and 84 percent of those surveyed admitted that Mirai changed their perception about threats from IoT devices. Yet, over 65 percent said they either haven’t checked or don’t know how to check their connected devices for Mirai.

With Mirai and its inspired offshoots in the wild, determined attackers see the potential to use vulnerable connected devices for nefarious large-scale purposes and to target and compromise specific networks and companies.

The Internet of Evil Things report found a common point-of-view among 868 IT security professionals polled – the Internet of Things (IoT) is introducing significant risk to companies today, but security programs are not keeping pace.

Key report findings include:

• One in five of the survey respondents (20%) said their IoT devices were hit with ransomware attacks last year.
• 16% of respondents say they experienced Man-in-the-middle attacks through IoT devices.
• Devices continue to lend themselves to problematic configurations. The default network from common routers “linksys” and “Netgear” were two of the top 10 most common “open default” wireless SSID’s (named networks), and the hotspot network built-in for the configuration and setup of HP printers – “hpsetup”- is #2.

In addition, survey respondents shared their top device threat concerns for 2017:

• Misconfigured healthcare, security, and IoT devices will provide another route for ransomware and malware to cause harm and affect organizations.
• Unresolved vulnerabilities or the misconfiguration of popular connected devices, spurred by the vulnerabilities being publicized by botnets, including Mirai and newer, “improved” versions, in the hands of rogue actors will compromise the security of organizations purchasing these devices.
• Mobile phones will be the attack vector of the future, becoming an extra attack surface and another mode of rogue access points taking advantage of unencrypted Netgear, AT&T, and hpsetup wireless networks to set up man-in-the-middle attacks.