Weaponised IoT attacks: what does the future hold? - April 2017

Weaponised IoT attacks: what does the future hold?
April 2017, This Week's Editor's Pick, Cyber Security

The explosion of connected devices onto our networks is fuelling our imaginations and inspiring incredible visions for the future. There is limitless potential in being able to connect and integrate our cars, houses, appliances, and everything else we own.

We’re falling in love with the so-called Internet of Things (IoT): from the simple example of a connected fridge reordering the milk when it’s running low; to the more sophisticated business realm of connected trucks that process inventory, firing off automated chain reactions within the operations.

Gartner expects we’ll see over 20 billion connected devices by 2020 – promising to fundamentally change the way we live and work (http://www.gartner.com/newsroom/id/3165317). But on the other side of the coin, it thrusts us into a new realm of cyber threats. Suddenly, it’s possible to weaponise hundreds of thousands, millions, or even billions of IoT devices – creating marauding zombie armies that haul servers down with sustained DDoS attacks.

Darren Anstee, chief security technologist at Arbor Networks, explains that: “IoT botnet cybercrime capitalises on weak default passwords of many mass-market surveillance cameras, routers and digital video recorders, infiltrating them with malware and then using them to launch well-orchestrated DDoS attacks.

“Last year we saw the first expression of the now infamous Mirai botnet attack. Mirai represents a new high-water mark in the cyber criminal community. It points towards a number of worrying trends for the future,” Anstee adds.

So, just how will these attacks evolve?

Increased use of reflection amplification

The first wave of IoT botnet attacks may not have used DNS amplification or reflection, but as companies raise their guards, these advanced techniques will be woven into the botnet attacks, allowing attackers to multiply attack traffic multiple fold. By continually scanning networks for new, insecure IoT devices, and then amplifying their presence, hackers are able to flood their victims’ networks with incredible force.

“Weaponised IoT attacks will become more subtle and stealthy than the bold and ground-breaking Mirai bot – which was more about making a statement than it was about actual financial gain,” notes Anstee.

Lower barriers to entry

IoT attacks are actually not that difficult to pull off. For this reason, they’re popping up at a rapid rate. From universities that are taken offline by breaches to their connected light bulbs and vending machines, to the devastating attack which temporarily took the whole of Liberia offline, there are reports every day of new attacks.

“Systems can be easily compromised with publicly available exploit kits and related information,” reveals Anstee. Barriers to entry are lowered by the relative ease that someone can develop their own army of botnets, or rent others’ armies within the dark web.

Automation and agility

“What really made the likes of Mirai and its derivatives successful was the release of the Metasploit module, which made automating the recruitment and weaponisation of devices far easier,” he explains.

In the future, we’ll see attacks that leverage automation at every layer and constantly morph their approaches to get the best possible result. For example, while the original Mirai code looked for 61 different usernames and passwords, future iterations may try millions of different passwords.

Ultimately, these types of threats are likely to thrive over the coming years. They exploit weaknesses in two major areas (the hardware of the connected devices themselves, and the lack of DDoS resistance tools within the targeted victim). Because of the nature of these vulnerabilities, it is very hard for governments and ISPs to come together in coordinating an effective response.

It’s a matter that has received attention in senior political echelons, with former US president Barack Obama quoted as saying that future presidents face the challenge of “how do we continue to get all the benefits of being in cyberspace, but protect our finances, protect our privacy? What is true is that we are all connected. We’re all wired now” ( http://www.computerworld.com/article/3135285/security/ddos-attack-shows-dangers-of-iot-running-rampant.html).

For more information contact Bryan Hamman, Arbor, bhamman@arbor.net

Further reading:

ASIS Security Technology Concepts day
April 2019, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
ASIS SA kicked the tyres of a few technologies at its first Security Technology Concepts day in February.
Visible light facial recognition
April 2019, ZKTeco, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
ZKTeco recently expanded its reach in the facial recognition market with the launch of its new series of visible light facial recognition (VLFR) products.
2019 Internet of Things (IoT) Barometer
March 2019, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
A majority of businesses that use IoT technology agree that it has either disrupted their industry or will do so in the next five years.
When cybercrime affects health and safety
April 2019, This Week's Editor's Pick, Cyber Security
The threat of a category-one cyber-attack is that everything could seem right – the readings on the meter could be fine, checklists would be followed, and equipment would work – yet danger could still unfold.
Cathexis wraps up successful national roadshow
April 2019, Cathexis Technologies, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, News, Conferences & Events, Training & Education
Cathexis Technologies successfully concluded its national CathexisVision Roadshow. With events held in Durban, Port Elizabeth, Johannesburg and Cape Town.
Milestone Systems launches Milestone Marketplace
April 2019, Milestone Systems, This Week's Editor's Pick
Milestone Systems introduces Milestone Marketplace, a digital platform for the video technology industry that connects buyers and sellers to co-create solutions.
Biodegradable security seals for SA
April 2019, TruSeal, This Week's Editor's Pick, Asset Management, EAS, RFID, News, Security Services & Risk Management
The new TruSeal product extension is produced from a special biodegradable material sourced from Malaysia.
CCTV operators’ duties to response personnel at crime scenes
April 2019, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Control room operators often have a responsibility to monitor response scenes that go beyond the initial detection and response relationship.
Cyber/physical perils in hospitality
April 2019, Wolfpack Information Risk, This Week's Editor's Pick, Cyber Security, Entertainment and Hospitality (Industry)
How can we prepare for our holidays and avoid becoming the victim of a scam or data breach?
Surveillance infrastructure has changed
April 2019, Capsule Technologies, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
The processing power required to use AI and deep learning is much higher than companies are used to, making it difficult to use off-the-shelf solutions for server and storage.
Rethink security priorities
April 2019, News, Cyber Security
Cryptocurrency mining is up 237%, phishing attacks increase by 269%, business email compromise attacks have gone up by 28%.
Overcoming the 2019 cyberthreat
April 2019, IT infrastructure, Cyber Security
The flexibility of remote working is good, however, the wider a network perimeter has to stretch, the more scope exists for security breaches.