One of the downsides of the inexorable march towards a highly connected society is the fact that cybersecurity risks are growing exponentially. As the number of Internet connected devices increases, so does the number of things that we are able to do digitally. But it also means that there is more risk of someone being able to access the information stored on our devices and harm us in some way, especially in a business environment.
In this sense, the Internet of Things (IoT) is one of the most recent targets for cyberattackers. This is for two reasons: firstly, because it is still in the early stages of being adopted by companies and users, and so fascination with these services may be overriding cybersecurity implementation. Secondly, because this exponential opening up of points of entry to information is turning every connected device into another trophy in the cybercriminals’ cabinets.
Until recently the IoT had a powerful enemy: Mirai, a botnet that remotely controlled connected devices, and which could carry out denial of services (DDoS) attacks, like the one seen in 2016 on Dyn, the provider for Twitter, Amazon and Netflix, among many other platforms.
Mirai, going after Linux
We all believed that Mirai’s attack threshold was limited to IoT devices. But it seems to be that its range of possibilities is much wider than could have been imagined. According to The Register, cybercriminals are beginning to turn to Mirai to open a new flank for cyberattacks: devices equipped with Linux.
It all seems to begin with Hadoop YARN, the open source software structure that is able to store an immense amount of data. According to the Netscout experts who have analyzed the matter, Hadoop contains a vulnerability that allows cybercriminals, with enough resources, to be able to access the system and retain the information on each device or network of devices.
How do these attacks work? Mirai exploits the interconnection between bots to indiscriminately get in on a large scale, with one clear objective: installing malware on all the devices that is can access. And though it seems to be a relatively small group of attackers, the fact is that, according to the experts, using Mirai on Linux is much simpler than using it on Internet of things devices. This means that these cyberattacks show a potential that leads us to believe that we could see an increase in this kind of attack in the short to medium term.
And this is no trifling matter: according to Pascal Greenens from Radware, the Hadoop vulnerability YARN is causing around 350,000 attempted attacks every day. This means that both companies’ and private users’ cybersecurity may be seriously at risk.
How to protect yourself against Mirai?
To avoid being fodder for these cyberattacks, companies must be aware of the dangers that they face, and put into place (or update) the defense strategies needed to avoid or mitigate damage.
1.- Cyber-resilience. We repeat this point quite often, but it is vital: a lack of cyber-resilience is one of the worst enemies of corporate cybersecurity. In a world that is constantly in motion, the strategies used by cybercriminals are always growing, becoming more sophisticated, and changing parameters, so every company must be up to speed with the new trends that are being used.
2.- Monitoring. The best way to avoid danger is to know what is happening in the company’s IT structure at every moment. Companies must therefore select technology solutions that perform this task. In this sense, Panda Adaptive Defense automatically monitors all processes that are running on the system, in real time. This means that it is capable of detecting anomalous situations and thus predicting cyberattacks before their definitive arrival, in order to stop them completely.
3.- Reaction protocol. At times, some companies can’t help being affected by the arrival of a cyberattack. In that case, if this moment comes, they must have an urgent action protocol in place that firstly closes all possible points of entry while the focus of the infection is located, and then totally removes the malware from the system to avoid intrusions or leaking of confidential data.
Combining these three actions is the best way to combat Mirai, both in the version that targets IoT devices and in the new form that it has adopted to attack Linux servers.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
