
Last Updated: 2nd May 2018



Cyber Security Alerts

Satori Botnet

Satori Botnet affecting IoT devices

You may be aware that a new botnet named Satori has been found infecting Internet of Things (IoT) devices.

The likely modus operandi of this malware is as follows:

  • Compromise IoT systems.
  • Build botnets of the compromised devices.
  • Use the compromised devices to launch DDoS attacks.
  • Make network connections to receive commands to launch further attacks.

The following countermeasures can be taken to protect IoT devices:

  • Restrict access to the web management interface of IoT devices to authorized users only and change default usernames/passwords.
  • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
  • Keep antivirus software on computer systems up to date.
  • Keep IoT devices, operating systems and applications up to date with patches and fixes.
  • Stop and close unnecessary ports and services on the devices.

Kindly visit https://www.cyberswachhtakendra.gov.in for information about the latest malware/botnets and to download free botnet removal tools.


Mirai Botnet

Mirai Botnet affecting IoT devices

A new malware named Mirai, targeting Internet of Things (IoT) devices such as printers, video cameras, routers and smart TVs, is spreading. The malware scans for network devices and IoT devices and tries to compromise them, especially those protected only by default credentials or hardcoded usernames and passwords.

The malware is capable of performing the following functions:

  • Compromise IoT systems that still use default usernames and passwords.
  • Build botnets of the compromised devices.
  • Use the compromised devices to launch DDoS attacks.
  • Make network connections to receive commands to launch further attacks.

Indicators of compromise:

  • Abnormal traffic on 2323/TCP and 23/TCP as the malware scans for vulnerable devices.
  • Command and control network traffic on 48101/TCP.
  • Unusually high outbound traffic if the device is taking part in a DDoS attack.

When the malware runs, it turns the infected system into a bot that connects to a command and control (C&C) server. Bot-infected systems connect to the C&C servers on specific ports and listen for commands from the remote attacker. In view of the high damage potential of botnet-infected machines, customers are requested to disinfect their systems and take the countermeasures suggested below to prevent such incidents in future.
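The indicators above can be checked against outbound flow or firewall records from the local network. The following Python script is an added example, not part of this advisory: the key=value log format, the sample records and the two thresholds (SCAN_MIN_TARGETS, VOLUME_THRESHOLD) are constructed assumptions, while the ports 23, 2323 and 48101 are the ones listed above.

```python
"""Flag the Mirai indicators listed above in outbound flow records. Added
example, not from the advisory: log format, samples and thresholds are assumed."""
import re
from collections import defaultdict

TELNET_PORTS = {23, 2323}      # scanning ports named in the advisory
C2_PORT = 48101                # C&C port named in the advisory
SCAN_MIN_TARGETS = 3           # assumed: distinct telnet targets per source
VOLUME_THRESHOLD = 10_000_000  # assumed: outbound bytes per source (10 MB)
RECORD_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=tcp bytes=(\d+)")

# Constructed sample flows: 192.168.1.20 scans telnet and calls home on 48101,
# 192.168.1.31 only crosses the assumed volume threshold.
SAMPLE_LOG = """\
src=192.168.1.20 dst=203.0.113.5 dport=23 proto=tcp bytes=120
src=192.168.1.20 dst=203.0.113.6 dport=23 proto=tcp bytes=120
src=192.168.1.20 dst=203.0.113.7 dport=2323 proto=tcp bytes=120
src=192.168.1.20 dst=198.51.100.9 dport=48101 proto=tcp bytes=900
src=192.168.1.31 dst=198.51.100.41 dport=80 proto=tcp bytes=48000000
this line is malformed and must be skipped
"""

def parse_flows(text):
    """Yield (src, dst, dport, bytes) for each well-formed TCP record."""
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            src, dst, dport, nbytes = m.groups()
            yield src, dst, int(dport), int(nbytes)

def find_mirai_indicators(text):
    """Return {src: sorted indicator names} for every suspicious source."""
    telnet_targets, out_bytes, c2_hits = defaultdict(set), defaultdict(int), set()
    for src, dst, dport, nbytes in parse_flows(text):
        out_bytes[src] += nbytes
        if dport in TELNET_PORTS:
            telnet_targets[src].add(dst)
        elif dport == C2_PORT:
            c2_hits.add(src)
    findings = defaultdict(list)
    for src, targets in telnet_targets.items():
        if len(targets) >= SCAN_MIN_TARGETS:  # many targets = scanning, not one login
            findings[src].append("telnet-scan")
    for src in c2_hits:
        findings[src].append("c2-48101")
    for src, total in out_bytes.items():
        if total >= VOLUME_THRESHOLD:
            findings[src].append("high-outbound-volume")
    return {src: sorted(v) for src, v in findings.items()}
```

A device that triggers both the telnet-scan and the 48101 indicator is a strong candidate for the disinfection and countermeasures described in this alert; the volume indicator alone needs tuning against normal traffic for the network.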

Countermeasures for securing IoT devices:

  • Restrict access to the web management interface of IoT devices to authorized users only and change default usernames/passwords.
  • Always change default login credentials before deployment in production.
  • Change default credentials at device setup and ensure that passwords meet the minimum complexity requirements.
  • Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required.
  • Users should be aware of the installed devices and their capabilities. If a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it to operate on a home network behind a secured Wi-Fi router.
  • Control access to the devices with access control lists.
  • Configure devices to lock or log out and require the user to re-authenticate if left unattended.
  • Identify systems with default passwords and apply the above measures. Some of the systems that need to be examined are routers, switches, web applications and administrative web interfaces, ICS systems, and Telnet and SSH interfaces.
  • Implement account lockout policies to reduce the risk of brute-force attacks.
  • Disable Telnet and SSH on a device if there is no requirement for remote management.
  • If remote access is required, provide it through VPN and SSH.
  • Configure certificate-based authentication for the telnet client used for remote management of devices.
  • Implement egress and ingress filtering at the router level.
  • Report suspicious entries on routers to your Internet Service Provider.
  • Keep antivirus software on computer systems up to date.
  • Keep IoT devices, operating systems and applications up to date with patches and fixes.
  • Stop and close unnecessary ports and services.
  • Enable logging on the device so that all activities are recorded.
  • Enable and monitor perimeter device logs to detect scan attempts against critical devices/systems.
