Halloween is a time for scary stories. IT security news presents a good number of scary stories throughout the year, but I thought I’d share a few of the scariest stories that you may not know about, including zombie stories.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iAccording to Appthority, about a quarter of all devices have a zombie app installed. A zombie app, the blog explained, is an app that is no longer available in the app marketplace, so it isn’t getting updates to patch known vulnerabilities. This could create nightmare scenarios for IT and security professionals because, in addition to lacking current security fixes:
Zombie apps are also in a position to be exploited by third parties, offering fake updates and content or targeting known vulnerabilities that were never patched. Plus, there is no way to know what has happened to the data the Zombie apps collected. When an app is taken off the app store and no longer creates revenue for the developer, who ensures the user data is deleted or is not sold or put to other uses?
What can be done about zombie apps in the workplace? It requires tighter control of BYOD and, yes, maybe deleting a favorite app and replacing it with something current.
Zombies are taking over your Internet of Things devices, too. You may already know that, due to that giant DDoS attack of a couple weeks ago. However, it appears that the zombies especially attacked webcams, leading to a recall of the cameras by Chinese electronics company Hangzhou Xiongmai. The reason that the webcams were perfect zombie targets is the overall downfall of IoT, said Tech Crunch:
The webcams were cited by security experts as being susceptible to attack and inclusion in the Mirai botnet used to flood Dyn’s DNS as having default passwords that were easy to guess, making it simpler for attackers to crack their logins and incorporate them into the botnet.
We know we can do something about these devices, but as ESET found in a recent survey, we aren’t doing enough to eradicate zombies from attacking in the first place:
While 85 percent know their webcams could potentially be accessed by unauthorized persons, 36 percent have not taken any preventive measures. And 29 percent believe their webcam has actually been accessed.
What can we do to prevent having your IoT devices turned into zombies? Changing the password from the manufacturer’s default is a good first step.
IoT devices acted as zombies, but what about preventing your data center from being attacked by those undead machines? Muralidharan Palanisamy, CPO of AppViewX, provided a few tips to IT Business Edge. The tips include improving asset management and knowing physically where your servers and data are; using network scanning tools to discover unwanted guests lurking in your infrastructure; and keeping up with data center maintenance.
I hope that the only zombies you have to deal with this Halloween are the ones who show up at your door looking for candy.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.