IoT: Moving to Security by Design

Mar 27, 2018

By David Holmes

With device developers rushing to build IoT as fast as they can, security can suffer.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

Report / Mar 13, 2018

By Sara Boddy, Justin Shattuck

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Threat Modeling the Internet of Things: Modeling Reaper

Mar 9, 2018

By David Holmes

Reaper is just one more blinking light in the faces of the InfoSec community reminding us that we need to get ahead of IoT madness.

Thingbots and Reapers and Cryptominers—Oh, My! F5 Labs’ First Year in Review

Blog / Jan 25, 2018 (MODIFIED: Jan 31, 2018)

By Debbie Walkowski

F5 Labs covered a multitude of threats, vulnerabilities, botnets, attackers, and attacks in 2017. Here are just some of the highlights you might have missed.

Mirai is Attacking Again, So We’re Outing its Hilarious, Explicit C&C Hostnames

Blog / Jan 4, 2018 (MODIFIED: Jan 18, 2018)

By David Holmes

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their blacklists and protect themselves.

BrickerBot: Do “Good Intentions” Justify the Means—or Deliver Meaningful Results?

Blog / Dec 28, 2017 (MODIFIED: Jan 16, 2018)

By Justin Shattuck

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

Reaper: The Professional Bot Herder’s Thingbot

Blog / Oct 26, 2017 (MODIFIED: Dec 18, 2017)

By David Holmes, Justin Shattuck

While Reaper might be considered an “object lesson” today, it should serve as a blistering warning that IoT security needs to be fixed now.

Interview With the Experts: The Future of IoT Security Through the Eyes of F5 Threat Researchers

Blog / Oct 19, 2017 (MODIFIED: Nov 30, 2017)

By Debbie Walkowski

When it comes to IoT threats, we’re nowhere near being out of the woods yet; we’ve just barely entered the forest.

New Threat May Slip Through the KRACK in BYOD Policies

Blog / Oct 17, 2017 (MODIFIED: Nov 26, 2017)

By Lori MacVittie

Combating this vulnerability might mean you have to force updates on employees’ personal devices or deny them access altogether.

Proposed Legislation Calls for Cleaning Up the IoT Security Mess

Blog / Oct 3, 2017 (MODIFIED: Nov 14, 2017)

By David Holmes

Legislation is a good first step toward persuading IoT manufacturers (who want to stay in business) to do the right thing when it comes to the security of their devices.

Wirex Android DDoS Malware Adds UDP Flood

Blog / Sep 1, 2017 (MODIFIED: Oct 4, 2017)

By Julia Karpin, Liron Segal, Maxim Zavodchik

As quickly as attackers commandeer IoT devices to build more “thingbots,” they continue to evolve their attack types and functionality.

“Cry ‘Havoc’ and Let Loose the Thingbots of War!”

Blog / Aug 17, 2017 (MODIFIED: Sep 21, 2017)

By Lori MacVittie

Gray hats might have good intentions launching their “vigilante” botnets, but are they really helping us win the war against Death Star-sized thingbots?

The Hunt for IoT: The Rise of Thingbots

Report / Aug 9, 2017 (MODIFIED: Dec 21, 2017)

By Sara Boddy, Justin Shattuck

“Thingbots” that launch Death Star-sized DDoS attacks, host banking trojans, and cause physical destruction are becoming the attacker infrastructure of the future.

Default Passwords Are Not the Biggest Part of the IoT Botnet Problem

Blog / Jun 6, 2017 (MODIFIED: Jul 20, 2017)

By Lori MacVittie

Providers and manufacturers could go a long way toward reducing the very real threat of IoT.

The Hunt for IoT: The Networks Building Death Star-Sized Botnets

Report / May 10, 2017 (MODIFIED: Aug 7, 2017)

By Sara Boddy, Justin Shattuck

With a growth rate of 1,473% in 2016, the hunt for vulnerable IoT devices rages on...

Marcher Gets Close to Users by Targeting Mobile Banking, Android Apps, Social Media, and Email

Article / Apr 7, 2017 (MODIFIED: Sep 11, 2017)

By Doron Voolf

Marcher targets focused on European, Australian, and Latin American banks, along with PayPal, eBay, Facebook, WhatsApp, Viber, Gmail, and Yahoo—all in the month of March.

Speed Over Security Still Prevalent in Spite of Substantial Risk for IoT Apps

Blog / Mar 3, 2017 (MODIFIED: Jul 6, 2017)

By Lori MacVittie

Speed to market means IoT and mobile apps are being released with known vulnerabilities.

IoT Threats: A First Step Into a Much Larger World of Mayhem

Blog / Jan 17, 2017 (MODIFIED: Sep 1, 2017)

By Ray Pompon

So far, we’ve seen IoT DDoS attacks on a Death Star scale. What's next for those of us that may be caught in the blast?

DDoS’s Newest Minions: IoT Devices (Volume 1)

Report / Oct 8, 2016 (MODIFIED: Jul 6, 2017)

By Sara Boddy, Justin Shattuck

The latest evolution of cyber weapons is brought to you by the default passwords in Internet of Things (IoT) devices.

Mirai: The IoT Bot that Took Down Krebs and Launched a Tbps Attack on OVH

Article / Oct 6, 2016 (MODIFIED: Jul 6, 2017)

By Liron Segal

The Mirai botnet has infected hundreds of thousands of Internet of Things (IoT) devices, specifically security cameras, by using vendor default passwords for Telnet access.

Yasuo-Bot: Flexible, Customized, Fraudulent Content

Article / Dec 14, 2015 (MODIFIED: Jul 6, 2017)

By Shaul Vilkomir Preisman

Standard mobile banking trojans post their own fraudulent content over banking applications. Yasuo-Bot goes further.
