These past months we've seen clear signs that someone's building another massive botnet. This army of hijacked IoT devices seems to be significantly larger than last year, when the botnet Mirai knocked out thousands of companies and institutions.
The security firm Check Point writes on their blog October 19th that "A New IoT Botnet Storm is Coming". The post has been picked up by several publications and websites, including Wired and Techradar who recommends everyone patch their IoT devices with the latest version of software.
We can only agree that it's time to protect your devices as soon as possible.
If you're retroactive and decide to adopt a "whatever happens, happens" mindset, you'll essentially be contributing to making the internet more unusable. You'll also, along with various hacking organizations, unconsciously say you're fine with your devices being used to attack governments and other companies. The company being attacked could even be your own!
READ MORE: 5 IoT solutions that went wrong – and why
Unprotected mobile units
If you have unprotected units connected by a mobile 3G or 4G subscription, you're also risking extreme expenses. A hijacked IoT device can easily generate gigabytes of data during a DDoS attack – gigabytes for which you and your company will have to pay your mobile operator. We've seen bills as high as € 10 000. If you've got several hijacked devices, you can see costs in the hundred-thousands.
Is it still worth it to let your devices remain unsecured?
Apart from investing in our security product Link, we recommend all our customers do the following:
- To protect your devices from unwanted traffic, it's essential to use firewalls and/or IP-filtering. If you choose not to limit what IP addresses are allowed to communicate with your devices, there's a major risk they'll get hacked.
- Turn off the option to send SMS. A hijacked device may generate enormous amounts of them.
- Change the default password of your units, and use an eclectic mix of capitals and lowercase letters, numbers, and special characters.
- Close ports and functions you're not using in both devices and servers.
- Make sure to always install the newest software and firmware.
- Limit the number of users who can log on to the router and firewall.
- Install monitoring probes to detect anomalies in mobile data usage.
Have your devices be part of the solution, and not part of the problem.
Have a Safe Day!