Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

SMBs Practice Better IoT Security Than Large Enterprises Do

Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.

Massive IoT botnet Mirai helped fuel a 280% rise in telnet botnet attack activity in the first half of the year over the previous period, but small-to midsized (SMB) business are surprisingly better prepared to deal with IoT threats in general than large enterprises, according to data from separate IoT reports released today.

In its survey of 950 IT professionals from SMBs to large enterprises, Pwnie Express found SMBs check their wireless devices for malicious infections and their employees' BYOD devices for malicious infections with greater frequency than large enterprises.

Some 64% of SMBs checked their wireless devices for infections in the last month, compared to 55% of large enterprises. Nearly one-third of SMBs reviewed employees' BYOD devices for malware in the previous month, compared with 20% of large companies. 

These steps not only help address IoT security in general, but may also aid in preventing SMB IoT devices from getting infected and becoming part of a bot army.  

According to F5 Labs' new report on botnets, not only was there a dramatic three-digit rise in botnet activity in the first half of the year, but most of that movement happened in the first two months. It has been much quieter since then, and F5 believes attackers may have completed their reconnaissance of vulnerable IoT devices and are now the process of potentially building massive botnets.

"We are seeing just the tip of the iceberg" for IoT botnets, says Sara Boddy, F5 Labs lead and author of the company's report, 2017 Rise of the Thingbots.

Approximately two years ago, telnet brute-force attacks were rather uncommon, she says. But with the rising popularity of IoT devices, which typically use the telnet protocol and Port 23 to allow remote administration of the device, Boddy says she expects to see a wide swath of IoT devices hijacked into botnet armies by way of the telnet protocol.

"A lot of IoT devices use Port 23 because when they were designed, no one ever thought a parking meter, teddy bear, or TV would be attacked," Boddy explains.

She adds that telnet-enabled IoT devices are not only easy to attack but they are also a cost-effective means for building a botnet army. IoT devices usually don't have security features in them and may require little direct user interaction like a remotely controlled thermostat, Boddy says. As a result, an attacker has a good chance of keeping an IoT-infected device alive, compared to Grandma's infected computer that gets fixed and then the attacker loses a bot, she notes.

Meanwhile, the pool of potential botnet army targets is expected soar. Gartner is forecasting a 31% year-over-year jump in the number of IoT devices by the end of the year to 8.4 billion.

Businesses with IoT devices running on their networks should take precautions to avoid a DDoS attack by using or having a scrubbing service on call that can handle an onslaught of at least 1 terabyte per second, Boddy suggests.

She also advises organizations to run Web Application Firewalls (WAFs), along with ID access and management tools with single-sign on, and two-factor authentication to help with credential stuffing.

When it comes to SMBs, Boddy says it's important to have a DDoS solution, in addition to other tools to plug the main vectors of attack. "Sometimes these things are cost prohibitive, but at least they should be aware of their known threat gaps," she says.

However, SMBs, generally have smaller security teams and might not have the resources necessary to deal with the IoT threat potential, she notes.

Some Props for SMB IoT Security 

The Pwnie Express, however, has a different assessment of SMBs. Pwnie's report, "Is Bigger Better? How Small & Midsized Organizations Are Better at Closing the IoT Security Gap,"  found 62% of SMBs know how many IoT devices are connected to their network, compared to 47% of large companies.  

Although it stands to reason SMBs may have a better handle on the number of IoT devices on their networks because there are fewer of them compared to large enterprises, there is another more significant reason at play, says Dimitri Vlachos, Pwnie's vice president of marketing.

"Large companies have silos, so when you see an adoption of new technology, the IT department is not always told. But at SMBs, IT departments tend to hear about it because the organizations tend to be flatter," Vlachos says.

SMBs have also been known to involve IT security at their companies when considering new hardware and software to purchase, says Yolanda Smith, Pwnie's director of product management.

Meanwhile, SMBs also tend take responsibility for the IT security of employees' BYOD devices, whereas large corporations maintain more of a hands-off approach, Vlachos says.

Small companies may find the need to be more proactive with an employee's IoT device because a security breach can be far more devastating to a mom-and-pop operation than a Fortune 500 company with deep pockets, he adds.

Although SMBs are more prepared to deal with IoT security, it does not necessarily translate into their ability to fend off a massive DDoS attack. And Vlachos says SBMs are not usually the target of a DDoS attack, anyway.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2002-0390
PUBLISHED: 2019-07-21
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0639. Reason: This candidate is a reservation duplicate of CVE-2002-0639. Notes: All CVE users should reference CVE-2002-0639 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ...
CVE-2018-17210
PUBLISHED: 2019-07-20
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level permissions can bypass t...
CVE-2019-12934
PUBLISHED: 2019-07-20
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
CVE-2019-9229
PUBLISHED: 2019-07-20
An issue was discovered on AudioCodes Mediant 500L-MSBR, 500-MBSR, M800B-MSBR and 800C-MSBR devices with firmware versions F7.20A to F7.20A.251. An internal interface exposed to the link-local address 169.254.254.253 allows attackers in the local network to access multiple quagga VTYs. Attackers can...
CVE-2019-12815
PUBLISHED: 2019-07-19
An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.