Search This Blog

Showing posts with label IOT Security. Show all posts

Internet of Things (IoT): Greater Threat for Businesses Reopening Amid COVID-19 Pandemic

 

Businesses have increasingly adopted IoT devices, especially amid the COVID-19 pandemic to keep their operations safe. Over the past year, the number of IoT devices employed by various organizations in their network has risen by a remarkable margin, as per research conducted by Palo Alto Networks' threat intelligence arm, Unit 42. 
 
While looking into the current IoT supply ecosystem, Unit 42 explained the multi exploits and vulnerabilities affecting IoT supply chains. The research also examined potential kinds of motivation for exploiting the IoT supply chain, illustrating how no layer is completely immune to the threat.  

The analysis of the same has been reported during this year's National Cybersecurity Awareness Month (NCSAM), which is encouraging the individual's role in protecting their part of cyberspace and stressing personal accountability and the significance of taking proactive measures to strengthen cybersecurity. 
 
The analysis also noted that supply chain attacks in IoT are of two types – through a piece of hardware modified to bring alterations in a device's performance or from software downloaded in a particular device that has been affected to hide malware. 
 
While highlighting a common breach of ethics, the research mentioned the incorporation of third-party and hardware components without making a list of the components added to the device. The practice makes it hard to find how many products from the same manufacturer are infected when a vulnerability is found on any of the components. Additionally, it also becomes difficult to determine how many devices across various vendors have been affected in general, by the vulnerability.

"The main goals for cyberespionage campaigns are maintaining long-term access to confidential information and to affected systems without being detected. The wide range of IoT devices, the access they have, the size of the user base, and the presence of trusted certificates make supply chain vendors attractive targets to advanced persistent threat (APT) groups..." the report stated. 
 
"In 2018, Operation ShadowHammer revealed that legitimate ASUS security certificates (such as “ASUSTeK Computer Inc.”) were abused by attackers and signed trojanized softwares, which misled targeted victims to install backdoors in their system and download additional malicious payloads onto their machines." 
 
While putting things in a cybercrime perspective, the report noted - "The potential access and impact of compromising a large number of IoT devices also make IoT vendors and unprotected devices popular choices for financially motivated cybercriminals. A NICTER report in 2019 shows close to 48% of dark web threats detected are IoT related. Also in 2019, Trend Micro researchers looked into cybercriminals in Russian-, Portuguese-, English-, Arabic-, and Spanish-speaking marketplaces and discovered various illicit services and products that are actively exploiting IoT devices." 
 
The report stressed the need to "enlist" all the devices connected to a certain network as it will help in identifying devices and their manufacturers, enabling administrators to patch, monitor, or even disconnect the devices when needed. There are instances when all the vulnerable devices are unknown in the absence of a complete list, therefore it is imperative to have complete visibility of the list of all the connected devices in order to defend your infrastructure. 

Bot List Containing Telnet Credentials for More than 500,000 Servers, Routers and IoT Devices Leaked Online


This week, a hacker published a list on a popular hacking forum containing Telnet credentials for over 515,000 servers, home routers and IoT (Internet of Things) "smart" devices. The massive list which reportedly was concluded by browsing the whole internet in search of devices that left their Telnet port exposed, included IP addresses of all the devices, username and password for the Telnet service and a remote access protocol that can be employed to control devices over the internet.

After scanning the Internet in search of devices exposing their Telnet port, the hacker attempts to use either factory-set default usernames and passwords or custom but guessable combinations, as per the statements by the leaker himself.

These lists, generally kept private – are known as 'bot lists' that are built after hackers scan the Internet and then employed them to connect to the devices and install malware. Sources say that although there have been some leaks in the past, this one is recorded as the biggest leak of Telnet passwords till date.

As per the reports of ZDNet, the list was made available online by one of a DDoS-for-hire (DDoS booter) service's maintainer. There's a probability that some of these devices might now run on a different IP address or use other login credentials as all the leaked lists are dated around October-November 2019. Given that using any of the listed username and password to access any of the devices would be illegal, ZDNet did not use it. Therefore, they were not able to comment on the validity of these credentials.

A security expert in the field of IoT, requesting for anonymity, tells that even if some of the listed credentials are invalid by the time for devices now have a new IP address or password. However, the listings still hold a lot of value for a skillful and talented attacker who can possibly use the present information in the list to identify the service provider and hence update the list with the current IP addresses.

Certain authentic and verified security researchers are given access to the list of credentials as they volunteered for it.

Attacks on IoT devices and WebApps on an extreme rise for the Q3

Ransomware threats and Malware numbers have fallen but are presently more active and dangerous. More than 7.2 Billion virus attacks originated from January to September in the year 2019. Also, 151.9 million ransomware crimes were found.

Important conclusions cover:

  • IoT malware mounted to 25M, a tremendous 33% rise 
  • Encrypted attacks rose to 58% 
  • Web application threats are on the increase, revealing a 37% rise during the same time for last year Malware threats reached 7.2 Billion 
  • Ransomware threats hit 151.9 million 
  • 14% of the malware threats were received from non-standard gates


"The attacks may be dropping down for the moment but the truth is the figures of threats are still extremely high and more dangerous in history. We have reported a rise in geographical threats in America and involving the UK and Germany. The researchers at our lab are also investigating distinct and increasing threat vectors, like surface channel threats and tricks," says The SonicWall Capture Threat Network. “While observing the ransomware range, we also recognize that ransomware attacks tricks have evolved,” says SonicWall CEO and President Bill Conner.

“Earlier, the hackers aimed at the number of viruses but today we are witnessing that hackers concentrate on less more eminent victims for expanding sideways. This change in tricks also witnessed a similar increase in the payment demands through ransomware attacks, as the criminals try to steal high payment from the few, but profitable victims such as hospitals and regional districts." “The evidence reveals that cyber-criminals are becoming better at attacks, more specific and more careful. Companies should be careful and make more stringent safety laws in their institutions to overcome the menaces that our experts have found,” says Conner.

He further adds “we suggest that organizations should adopt a combined and multilayered safety program that gives solid security beyond all systems to avoid being the cover story for cyber attack news”. Phishing threats are matching series with malware and ransomware attacks. However, the attacks are also going down at a rate of 32% each year, a figure that has been the same for most of the time this year.

Hackers Using Smart Devices to Launch Phishing Attack against Russian Business


Cybersecurity experts recorded a unique mass attack on Russian business. It is unique because hackers disguised themselves as well-known brands and used smart devices. This is the first mass attack of this kind.

Hackers presented themselves as representatives of famous brands, including retail chains, construction and oil companies. They sent e-mails with malicious software, in particular, on behalf of the Auchan hypermarket chain, or on behalf of the transnational energy Corporation Gazprom, qualitatively copying their style.

The e-mails contained the encryption virus Shade/Troldesh, it encoded files on users devices and demanded from them a fee for access to them.

Vladimir Dryukov, Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that the intensity of this phishing mailing is several times higher than usual. According to him, the attack affected about 50 largest companies in Russia, whose employees received 10-50 letters a day. Group-IB experts recorded up to 2000 mailings per day.

The main feature of these attacks is the use of smart devices, for example, hacked routers around the world, as they are much more difficult to track. In addition, virus emails can be sent from any device that is capable of it, for example, modems, ecosystems of smart homes, network storage. Experts believe that in the future the number of hacker attacks using them will only grow.

"Usually IOT devices are used for DDoS attacks. Sending phishing emails from routers is still exotic, " said Vladimir Dryukov.

It is worth noting that the attacks on Russian companies began in November, but their peak came in February. Which companies were attacked and how much damage was caused to them is not disclosed.