James Thew - Fotolia
In this Risk & Repeat podcast, SearchSecurity editors discuss the new wave of IoT attacks and what they mean for enterprises, security vendors and device manufacturers.
The internet of things has come under scrutiny following a rise in sophisticated IoT attacks against enterprises.
Akamai Technologies recently discovered threat actors had exploited a 12-year-old vulnerability in OpenSSH to take control of thousands of IoT devices, including wireless cameras, DVRs and home routers. According to Akamai researchers, the threat actors were using the IoT devices as proxies for malicious traffic. The company is working with several of the top device manufacturers on mitigating the vulnerability, which Akamai dubbed "SSHowDowN Proxy."
The new IoT attacks follow a flurry of massive DDoS campaigns last month, which were tied to an IoT malware strain known as Mirai. The code for the Mirai malware was later made public on a hacker forum, which could lead to more IoT attacks.
Why was a 12-year-old vulnerability left unpatched in these IoT devices? What can threat actors do with compromised devices? How can security vendors and device manufacturers prevent future IoT attacks of this nature? In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of IoT security threats.
Risk & Repeat: Russia accused of state-sponsored cyberattacks
Risk & Repeat: Yahoo security criticized following data breach
Risk & Repeat: MobileIron's James Plouffe on Mr. Robot, mobile threats