These Have Been The Main Attacks To IoT Devices In 2018

According to the IoT Analytics report, the year 2018 has ended with more than 17 billion connected devices worldwide, of which 7 billion are dedicated to the IoT. As these connection points increase in number, the attacks on them also grow. According to a study performed by McAfee Labs, about 480 new threats per minute have been discovered during the last year.

The year 2018 has been marked by new attacks that are stronger, smarter and quieter, as is the case with “cryptojacking”. In addition, the Mirai botnet has continued to produce new variants, as its code was made public in October 2016. In fact, in July of this year, it was possible to identify up to seven new versions of Mirai, not very different from each other, but with new ways of exploiting a device.

Main Cyberattacks To IoT Devices During 2018

  • Wicked Mirai Botnet. This variant of the Mirai malware has at least three new exploits. Wicked looks for specific vulnerabilities in IoT devices instead of using brute force to try to access any vulnerable device, as Mirai did. Once the connection is successfully made, the botnet tries to use the exploit and download the payload, depending on the port through which it connected to the device.
  • OMG Botnet. This botnet installs proxy servers on compromised IoT devices. In addition, it is also capable of performing the same actions as the original Mirai. Hence, it is an evolution of the malware that is probably being used to earn money.
  • ADB.Miner. It is a mining botnet for Android that affects devices with the ADB interface open. This malware spreads quickly between Android-based mobile devices and smart TVs. In fact, it infected 5,000 devices in 24 hours. Once the botnet gains access to the IoT device, it starts mining the Monero cryptocurrency.
  • DoubleDoor. This botnet takes advantage of two old security flaws detected in Juniper Networks NetScreen devices and in Zyxel modems. To access these devices, a pre-set or hardcoded password was used, which allowed the botnet to gain access easily.
  • Hide and Seek (HNS) Botnet. Initially, this malware affected IoT devices that were not secured, especially IP cameras. However, an evolution of it has also infected home automation systems, Android devices with the ADB interface open and multiplatform database solutions. It has infected more than 90,000 devices. The main danger of this malware is that it was the first this year to be able to survive a device reboot.
  • VPNFilter. It is the most aggressive of all and affected more than half a million routers and NAS devices worldwide. It infects network devices that use the Modbus protocol and specifically targets the SCADA systems used in industrial deployments. With this botnet, it is possible to share data between devices by using them as nodes, and it could even leave the computers inoperative and cut their access to the Internet, in addition to stealing and spying on the data. This botnet is also able to survive a restart of the device.

Main Reasons For Security Failures

When dealing with Mirai-type attacks on IoT devices, it is important to note that the first thing the botnet does is scan the Internet for vulnerable IoT devices and then access them using brute force. Other malware is specifically designed to exploit already known vulnerabilities of the devices themselves.
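The scan-then-brute-force pattern described above leaves a recognizable trace in a device or gateway login log. The following is an added example, not part of the original article, that flags sources with many failed logins in a short window and notes whether a login then succeeded; the log format, thresholds and addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format:
# "<ISO timestamp> <service> login <failed|ok> user=<name> src=<ip>"
SAMPLE_LOG = """\
2018-07-01T10:00:00 telnet login failed user=root src=203.0.113.7
2018-07-01T10:00:02 telnet login failed user=admin src=203.0.113.7
2018-07-01T10:00:03 telnet login failed user=support src=203.0.113.7
2018-07-01T10:00:05 telnet login failed user=guest src=203.0.113.7
2018-07-01T10:00:06 telnet login ok user=root src=203.0.113.7
2018-07-01T10:05:00 ssh login failed user=alice src=198.51.100.4
2018-07-01T11:30:00 ssh login failed user=alice src=198.51.100.4
2018-07-01T11:30:20 ssh login ok user=alice src=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<svc>\w+) login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$")

def detect_bruteforce(log_text, max_failures=4, window=timedelta(seconds=60)):
    """Flag sources with >= max_failures failed logins inside `window`.
    Each finding lists the usernames tried and whether a login succeeded later."""
    recent = defaultdict(deque)   # src -> (timestamp, user) failures still in window
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not login events
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        if m["result"] == "failed":
            q = recent[src]
            q.append((ts, m["user"]))
            while q and ts - q[0][0] > window:
                q.popleft()       # drop failures older than the window
            if len(q) >= max_failures:
                f = findings.setdefault(src, {"users": set(), "success_after": False})
                f["users"].update(u for _, u in q)
        elif src in findings:
            findings[src]["success_after"] = True   # flagged source then logged in
    return findings

if __name__ == "__main__":
    for src, f in detect_bruteforce(SAMPLE_LOG).items():
        print(src, sorted(f["users"]), "login succeeded" if f["success_after"] else "")
```

A flagged source that later logs in successfully is the case to treat as a likely compromise: the device should have its credentials changed and be inspected.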

If we want to protect against such attacks, we cannot ignore the top 10 practices to avoid when creating, implementing or managing IoT systems, according to OWASP.

  • Use of weak, guessable or hardcoded passwords.
  • Utilization of insecure network services operating on the device.
  • Use of insecure interfaces (web, API, Cloud) within the ecosystem outside the device.
  • Lack of secure update mechanisms (Over-The-Air Updates).
  • Use of insecure or old components.
  • Bad or insufficient protection of privacy.
  • Transfer and storage of data in an insecure way.
  • Lack of management of deployed devices.
  • Inability to change (or failure to change) the default security configuration.
  • Lack of physical security (physical hardening).

For this reason, in any IoT deployment, whatever its nature, it must be clear that security is both the starting point and the end goal. Hence, suppliers that already follow the security-by-design philosophy, or that have implemented the Recommended Security Best Practices for the Endpoint issued by the IIC, are those that offer safer and more secure solutions, at least in the short term. The ideal approach for your IoT deployment project is to analyze each of these ten points in order to select the software provider whose devices are more secure.


Article written by Cristina Marcos, Marketing Manager at Barbara IoT.
