Dark Reading (12/06/13) Chickowski, Ericka
A newly discovered Linux worm targeting embedded devices is the latest example of such attacks aimed at the Internet of Things. The Zollard worm was identified shortly before Thanksgiving by Symantec researchers, and targets a PHP vulnerability that was patched in May 2012, but remains in many older and unpatched embedded devices such as printers, conference call equipment, and security cameras, as well as network routers and switches. Such devices, which often run a basic version of Linux and remain freely accessible fro the Internet in their default configurations, are proving to be a vexing problem for enterprise information security. “They’re small enough that a lot of administrators forget they’re there and forget to patch them, change default passwords, and things like that,” says SecureState researcher Spencer McIntyre. Cisco researcher Craig Williams says these devices are easy targets for attacks that can be used to spread malware or serve as base to further infiltrate networks. Rapid7’s HD Moore expects to see a proliferation of botnets composed of compromised embedded devices in coming years. Williams says the best defense against attacks targeting embedded devices is network level protection, such as IDS systems that can identify and block attacks against vulnerabilities such as the one leveraged by Zollard.