
Monday, 06 March 2017 08:57

IOT BOTNETS – WHEN OPEN SOURCE IS MISUSED


Getting rich, causing damage, espionage: there are numerous reasons for cyber attacks. With this in mind, publicly available sources are often searched for information because they are not classified and are therefore legal and available free of charge. In an earlier article, we already explained what Open Source Intelligence (OSINT) has to do with cyber security and how our experts use OSINT....

IoT – a global computer

But that's enough of the history lesson! Of course, they wanted to connect everything together as quickly as possible and make the data they had gathered accessible. Security was often of secondary importance. With IoT, a global computer was built - but how can it be kept under control? As Bruce Schneier impressively explained at last autumn's InfoGuard Talk, the Internet of Things is much less secure than many believe. IoT networks and devices have spread rapidly and, as a result, are relatively vulnerable. This, of course, makes them a popular target for hackers.

In autumn 2016 the source code for Mirai was released. Remember? Mirai is a Linux malware that can be used to create botnets. The source code was quickly used to create a framework for malware to target IoT devices. Malware based on the open source Mirai code can quickly integrate hundreds of devices into IoT botnets and use them for attacks.

5 known variants with memorable names

Satori, JenX, OMG, Wicked and Reaper – these are probably the five best-known variants built on this code. OMG, for example, adds a new feature in the form of an HTTP and SOCKS proxy. This allows an infected IoT device to act as a pivot point, allowing the bot author to scan for new vulnerabilities or launch additional attacks without updating the original binary. The bot author can also pivot into private networks, depending on what kind of IoT device it is and how it is connected. In other words, IoT devices within the company can be used against you to launch attacks within the network.
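A defender's view of the pivot behaviour described above, as an added example that is not part of the original article: it scans flow records for an IoT device that receives a session from outside the organisation and shortly afterwards opens connections to several internal hosts. The flow format, the address ranges (`IOT_NET`, `INTERNAL`), the time window and the threshold are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

IOT_NET = ip_network("10.20.0.0/24")   # assumed IoT VLAN
INTERNAL = ip_network("10.0.0.0/8")    # assumed internal address space

# Constructed sample flows: start time, source, destination, destination port.
FLOWS = """\
2019-05-22T10:00:00 203.0.113.50 10.20.0.15 8080
2019-05-22T10:00:02 10.20.0.15 10.1.0.7 445
2019-05-22T10:00:03 10.20.0.15 10.1.0.8 445
2019-05-22T10:00:04 10.20.0.15 10.1.0.9 22
2019-05-22T10:05:00 10.20.0.16 198.51.100.9 443
2019-05-22T11:00:00 10.1.0.30 10.20.0.16 554
"""

def parse(text):
    """Yield (time, src, dst, port) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            yield (datetime.fromisoformat(ts), ip_address(src),
                   ip_address(dst), int(port))

def find_relays(text, window=timedelta(seconds=30), min_targets=2):
    """Return {iot_device: [internal hosts]} for devices that look like relays.

    A device is flagged when an externally sourced session to it is followed,
    within `window`, by connections to at least `min_targets` internal hosts
    outside the IoT VLAN.
    """
    inbound = {}   # IoT device -> start times of sessions from outside
    targets = {}   # IoT device -> internal hosts contacted soon afterwards
    for ts, src, dst, _port in sorted(parse(text)):
        if dst in IOT_NET and src not in INTERNAL:
            inbound.setdefault(dst, []).append(ts)
        elif src in IOT_NET and dst in INTERNAL and dst not in IOT_NET:
            recent = (timedelta(0) <= ts - t <= window
                      for t in inbound.get(src, []))
            if any(recent):
                targets.setdefault(src, set()).add(dst)
    return {str(dev): [str(h) for h in sorted(hosts)]
            for dev, hosts in targets.items() if len(hosts) >= min_targets}

if __name__ == "__main__":
    for device, hosts in find_relays(FLOWS).items():
        print(f"{device} may be relaying traffic to {', '.join(hosts)}")
```

The camera at 10.20.0.16 is not flagged: it only talks to an outside service and is viewed from an internal host, which is ordinary behaviour for such a device.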

On the other hand, Reaper’s behaviour differs significantly from the others in some important ways. For one thing, it is very intelligent and is continuously educating itself. It builds massive botnets, for example, which - theoretically - can paralyse the entire Internet. Reaper goes unnoticed as it settles itself into networks and recruits new IoT devices from there, which in turn pass on the infection. The damage that such a massive botnet can do is enormous. Reaper's potential for damage is believed to be countless times higher than the 2016 Mirai botnet.

VPNFilter malware

Using open source for malware is not new, of course. In addition to Mirai, the malware VPNFilter, for example, has given a whole new dimension to the issue by infecting half a million routers in 54 countries.

The goal of VPNFilter malware is not to blindly exploit IoT devices for DDoS attacks. Not at all: VPNFilter is much more sophisticated and goes through several stages after the primary infection. One is to carry out a classic man-in-the-middle attack by gathering data in a network connected to the infected device. The data is then encrypted and transmitted via the Tor network. The malware can also hide the origins of later attacks, but that is by no means the end of the story. The fact is that IoT devices are booming, which means that IoT botnets can spread even faster - and will do so.


What can I do against IoT botnets? 

It is imperative that IoT network operators establish policies and strictly follow best practice regarding patches and updates. This means that identified device vulnerabilities can also be rectified retrospectively. In addition, the team responsible must have a very wide-ranging insight into all areas of the network. However, security teams also need to be constantly informed about current global threats and should exchange information so that they are better able to identify the attacks and precursors of an attack.

As you can see, there are two sides to every coin, and the Open Source movement is not without negative consequences, even if they are unintentional. Cyber criminals are as smart as they are sneaky. They will use all available means to exploit the networks (and their possibilities) on which we are increasingly dependent. Stay alert and rely on a strong defence. This is the only way to protect yourself from the growing threat of IoT botnets!

Knowledge as an (or the most) effective tool for defending against cyber attacks

 

The more you know, the better you can protect yourself. And what's more valuable than free expert tips? Stay up to date and don't miss out on the blog posts from our cyber security experts. They report every week on current trends, dangers and solutions, and provide valuable insights from the world of cyber security and defence. We also regularly publish whitepapers, checklists and videos that you can use every day. So, what are you waiting for?

Last modified on Wednesday, 22 May 2019 11:59
