Just a friendly fyi… if you’re running an Internet router/gateway from Asus or Linksys, please make sure that you’ve updated the firmware recently! In some ways, this strikes me as another example of attacks on the Internet of Things (IoT). If you’ve been following IoT attack trends, then you may have read about the possibility that a refridgerator may have be found sending out spam.
Things seem to be getting worse, and quickly. First, for a little background, please note that the Asusgate vulnerability in question was first disclosed in June 2013.
While Asus fixed the bug, many many many routers have not been updated, and thus there has been some significant data disclosure (a non-Gartner colleague has looked through some of the compromised data and found file names suggesting highly sensitive info from all sectors, include law firms and DoD).
Now we also learn that there appears to be a worm out there affecting Linksys devices (now owned by Belkin, btw, in case you missed that announcement last year).
Read more from SANS ISC: “Linksys Worm ‘TheMoon’ Summary: What we know so far”
So… what’s the take-away here? Well, quite simply, it’s this: You need to monitor and patch ALL your Internet-connected devices, whether that be mobile or desktop or streaming media or even your routers/gateways. Failing to do this can very well lead to compromise and abuse.
Welcome to a brave new world of interesting times…
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.