It’s Time to Keep Your Kernel Live-patched
F Secure, Finland’s major cybersecurity and privacy company, recently released their Attack Landscape Report for the first half of 2019. Using their global network of honeypots with unique detection capabilities, F Secure reported 2.9 billion events. This is a threefold increase in attack traffic as compared to previous years.
“99.9% of traffic to our honeypots,” wrote F Secure, “is automated traffic coming from bots, malware and other tools. Attacks may come from any sort of connected computing device – a traditional computer, malware infected smartwatch or IoT toothbrush can be a source.”
Here’s F Secure’s visualization of the top malware variants found in their honeypots:
IoT insecurity is a major and pressing issue, with devices being compromised as part of nation-state reconnaissance, conscripted into giant botnets, manipulated in assaults on power grids, and hacked for cryptocurrency access.
Everyone from consumers to enterprise users to vendors are concerned that their IoT devices can be compromised. How can we best protect ourselves?
But what exactly are the biggest problems and vulnerabilities to avoid when building, deploying, or managing IoT systems? According to the Open Web Application Security Project (OWASP), one of the top ten issues is “use of insecure or outdated components.”
And nothing is more perilous than an insecure or updated Linux kernel.
Many IoT appliances and devices run on Linux. It allows for multiple suppliers of software, development and support; it has a stable kernel; and it facilitates the ability to modify and redistribute the source code. However, an IoT device running on Linux is as just as susceptible to vulnerabilities as any other Linux system. Worse, because of the nefarious opportunities unique to various types of IoT device, they are even more vulnerable to the attention of hackers. There are hundreds of vulnerabilities found every year, and some of them can be incredibly destructive, like CVE-2017-18017 and CVE-2015-8812.
The kernel is the most important part of any Linux system, providing vital low-level functions to the entire system. Any security issues detected within the kernel jeopardize the whole server. Once a hacker has exploited the kernel, they can get anywhere, and access everything, including customer data, for months or years. It’s like a thief getting into the safe-room. Once your kernel has been infiltrated, you’re exposed to the worst possible digital damage.
What can we do to mitigate these issues? Rebootless Live-patching is key.
In their report, F Secure emphasize the need to keep systems and applications updated with current software and security patches.
Linux kernel vulnerabilities need patching right away. If you’re rebooting to patch your kernel, you’re not nearly as secure as you could be. Rebooting is the method that most software companies use to apply patch updates to their servers. But because rebooting is a hassle, off-lining websites, kernel patching is always delayed, for weeks or even months.
This gap between patch issue and patch application will leave IoT devices open to every attacker in cyberspace. If you aren’t applying kernel patches as soon as possible, then you are leaving yourself exposed to hackers who know all the current vulnerabilities, and are eager to exploit them to spy, steal or disrupt.
Automatic Linux security patching with KernelCare solves this dilemma. Protect IoT devices; start live patching today.