Tag Archives: IoT

Internet of Things malware destroys devices

In early April, embedded devices powered by Google Android, Linux and FreeBSD (specifically those using the BusyBox distribution), mainly used as media players and routers, came under attack from a previously unseen form of malware.

How does this malware affect compromised devices?
Once compromised, the device will cease functioning within seconds; this attack is being called a PDoS (Permanent Denial of Service). It occurs because the malware corrupts the device's internal storage and reduces the number of kernel (defined) threads (independent sequences of in-progress tasks) from several thousand to just one, causing the device's in-progress tasks/workload to halt. Security firm Radware demonstrated this result with a webcam.

How does this malware initially compromise a device?
Since early April, four unique versions of this malware (dubbed BrickerBot) have emerged. The first version attempted to compromise Radware's test device almost 2,000 times within four days, with the attacks originating from all over the world. The second and more advanced version uses Tor (The Onion Router) to enable attacks to take place from the Dark web (a portion of the internet only accessible using the Tor network). This makes tracing the source of the attacks almost impossible.

Version 3 targets further devices, while version 4 was active only very briefly and ceased its activity after 90 attempted attacks. Radware provide more details in their analysis.

The malware's authors seek to gain control of vulnerable devices by attempting to access them over the internet via the Telnet protocol (defined; it uses TCP and UDP port 23), entering commonly used usernames and passwords until successful. If your network contains routers or music/media devices using the BusyBox distribution, they are potentially vulnerable to this malware. Attackers can use tools such as Shodan (defined) to locate vulnerable devices over the internet and begin an attack.

How can I protect my devices from this malware?
Radware provide five steps you can take to better secure your internet of things (IoT, defined) devices from this malware. They also suggest the use of an IPS (defined) in this related blog post. The above recommendations are especially important since, unlike other malware where you can re-format a hard disk and re-install the operating system (defined), this malware permanently damages the device, which will then require replacement.
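As an added example (not from the original post or from Radware), the following Python script flags the credential-guessing pattern described above in syslog output: many failed Telnet logins against one device, from many source addresses, within a short window. The log format, host name and addresses are constructed for the example; real BusyBox login daemons log differently, so the regex is an assumption to adapt to your own devices or syslog collector.

```python
"""Flag Telnet credential-guessing against an embedded device in syslog.
Added example: log format, host name and addresses are constructed; adapt
LINE_RE to what your devices or syslog collector actually emit."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) telnetd\[\d+\]: "
    r"login failed for '(?P<user>[^']*)' from (?P<ip>\d+(?:\.\d+){3})$")

# Constructed sample: a burst from several sources, then a lone failure a day later.
SAMPLE_LOG = """\
Apr  4 10:00:01 mediabox telnetd[412]: login failed for 'root' from 203.0.113.5
Apr  4 10:00:02 mediabox telnetd[412]: login failed for 'admin' from 203.0.113.5
Apr  4 10:00:03 mediabox telnetd[412]: login failed for 'root' from 198.51.100.7
Apr  4 10:00:04 mediabox telnetd[412]: login failed for 'root' from 192.0.2.9
Apr  4 10:00:05 mediabox telnetd[412]: login failed for 'user' from 203.0.113.5
Apr  4 10:00:06 mediabox telnetd[412]: login failed for 'admin' from 192.0.2.10
Apr  5 09:00:00 mediabox telnetd[413]: login failed for 'root' from 203.0.113.44
"""

def detect_telnet_guessing(log_text, window=timedelta(minutes=10),
                           min_attempts=5, min_sources=3):
    """Return one alert per host seeing >= min_attempts failed Telnet logins from
    >= min_sources distinct IPs within `window`; the multi-source requirement
    separates a distributed guessing campaign from one person's typos.
    Alert = (host, window_start, attempts, distinct_sources, Counter(users))."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog timestamps have no year; fine for relative comparison
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events[m["host"]].append((ts, m["ip"], m["user"]))
    alerts = []
    for host, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):          # sliding window over sorted events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            sources = {ip for _, ip, _ in chunk}
            if len(chunk) >= min_attempts and len(sources) >= min_sources:
                users = Counter(user for _, _, user in chunk)
                alerts.append((host, evs[start][0], len(chunk), len(sources), users))
                break                        # first hit per host is enough to act on
    return alerts
```

Feed it your collector's output with `detect_telnet_guessing(open(path).read())`; the usernames Counter in each alert shows which default accounts are being tried, which is the list to check against your own devices.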

Thank you.

Mitigating the Increasing Risk Facing Critical Infrastructure and the Internet of Things

With attackers and malware authors extending their reach to more and more areas of our everyday lives, both companies and individuals need to take steps to improve the security of their equipment/devices. It's not just devices such as thermometers (while important) in our homes that are at risk; devices that impact health and safety, as well as entire communities and economies, are being, or will be, targeted.

For example, last month a cyber-attack took place in Ukraine that, while it lasted only approximately 1 hour, caused a power outage in an entire district of Kiev. Those carrying out the on-going investigation into this attack believe it to be the work of the same attackers responsible for the December 2015 attack (which affected approximately 250,000 people for up to 6 hours).

In a similar manner, a smaller energy company (at an undisclosed location) was a victim of the Samsam ransomware (defined). The attackers initially compromised the web server and used a privilege escalation vulnerability (defined) to install further malware and spread throughout the network. The attackers demanded 1 Bitcoin per infected system. The firm paid the ransom and received a decryption key that didn’t work.

Fortunately, this energy company had a working backup and was back online after 2 days. The root cause of infection? Their network not being separated by a DMZ (defined) from their industrial networks. This Dark Reading article also details 2 further examples of affected businesses that use industrial systems, namely a manufacturing plant and a power plant. Both were located in Brazil.

Mark Stacey of RSA's incident response team says that while nation states have not yet employed ransomware against industrial systems, it will certainly happen. He cites the example of a dam, where disabling equipment may not command as large a ransom as encrypting the data required for its normal operation.

Former US National Security Official Richard Clarke is suggesting the use of a tried and tested means of increasing the security of all deployed industrial control systems. As it is very difficult to convince a Board of Directors to provide budget for something that has not happened/may not happen, he suggests employing an approach similar to that taken with the Y2K bug. This would require introducing regulations requiring all devices to be in a secured state against cyber-attack after a given date. He advocates that electric power, connected cars and healthcare providers follow this approach and notes that without regulation "none of this is going to happen." Since these regulations would apply to all ICS/SCADA (defined) vendors, they would also not lose competitiveness.

With security analysts predicting further compromises of ICS/SCADA equipment this year, we need to better protect this infrastructure.

For enterprises and businesses, the regulations proposed above should assist with securing IoT and ICS/SCADA devices. However, this is just the beginning. This scanner from Beyond Trust is another great start. As that article mentions, the FTC is offering $100,000 to "a company that can discover an innovative way of managing and patching IoT devices." Securing IoT devices is not an easy problem to solve.

However, progress is happening with securing critical infrastructure and Internet of Things (IoT) (defined) devices. For example, please find below resources/recommendations, tools and products that can help protect these systems and devices.

How can we better secure ICS/SCADA devices?
These devices power our critical infrastructure, e.g. power, gas, communications, water filtration etc. The US ICS-CERT has a detailed list of recommendations available from the following links:

ICS CERT Recommended Practices
ICS-CERT Secure Architecture Design
ICS Defense In-Depth (PDF)

An ICS-CERT overview of the types of vulnerabilities that these systems face.

Securing IoT devices in industry
Free IoT Vulnerability Scanner Hunts Enterprise Threats (Dark Reading.com)
Defending the Grid
Network and IoT to underpin Trend Micro’s 2017 strategy

Securing IoT in the medical sector/businesses
Hospitals are under attack in 2016 (Kaspersky SecureList)
Fooling the Smart City (Kaspersky SecureList)

Recommendations for consumer IoT devices are the following:
My previous recommendations on securing IoT devices
Blog Post Shout Out: New Wireless Routers Enhance Internet of Things Protection
Securing Your Smart TV
8 tips to secure those IoT devices (Network World)
Who Makes the IoT Things Under Attack? (Krebs on Security)

=======================
I hope that you find the above resources useful for securing ICS/SCADA as well as IoT devices that are very likely a target this year.

Thank you.

Protecting Your Smart TV From Ransomware

In mid-2016 a news article detailed the possibility for Android powered Smart TVs to be infected by ransomware. Last month that prediction came true.

To recover the affected TV, you should reset it to factory default settings. You may need to contact the manufacturer if they don't provide the steps to perform the reset as part of the device's documentation.

With 2017 predicted to break the record set in 2016 for ransomware, occurrences such as this will likely become more common.

Unfortunately, TV manufacturers are unlikely to pre-harden vulnerable devices before shipping them due to compatibility concerns and increased costs (during manufacturing and later support costs). To increase use of their after-sales service, they are again unlikely to publish the key sequences or button presses needed to perform a factory reset.

The ransomware encountered by this software developer was "just" a screen locker; it didn't also try to encrypt any connected USB drives. Separately, a Symantec security researcher published a helpful list of mitigations to protect against ransomware targeting Smart TVs.

Continuing the trend of protecting Internet of Things (IoT) devices (defined), I hope that you find the above mitigations useful. Please also refer to this previous blog post for more general advice on preventing ransomware infections on your everyday computing devices (non IoT devices).

Thank you.

Blog Post Shout Out: New Wireless Routers Enhance Internet of Things Protection

Happy New Year to all readers of this blog!

With attacks on routers increasing (e.g. this article concerning D-Link) and vulnerabilities being patched within internet of things (IoT) (defined) devices, it's great news that security technologies are adapting to monitor and protect them.

I wanted to provide a respectful shout out (although not to blog posts) to products from several vendors that promise to better protect from threats such as the Mirai malware and other examples.

Full disclosure: I’m not receiving any incentives or benefits from any of these vendors; I simply wish to promote awareness of existing and upcoming technologies that we can use to better secure the increasing number of IoT devices that we are using in our everyday lives.

For example, early last week Symantec began accepting pre-orders for their new wireless router. Initially this will only be available in the US but will be extended to more regions in the future.

While a wireless router is nothing new, this is one of the first that I have encountered that includes protection for Internet of Things (IoT) devices.

In their words it “constantly monitors your connected devices like WiFi thermostats, smart locks, appliances or home security cameras for suspicious activity and identifies vulnerabilities. If a device becomes compromised, it quarantines the threat before it spreads ensuring your digital world is safe.”

A similarly powerful offering from F-Secure is also in progress. Like Symantec's, F-Secure's is scheduled for release in Q2 of 2017.

These solutions are further refinements of wireless router/access point security solutions that have been available since late 2015. For example, Asus' AiProtection feature (using technology licensed from Trend Micro) incorporates most of the features that F-Secure and Symantec offer, just without the IoT management and reporting.

There are interesting times ahead as Internet of Things (IoT) devices and wireless routers become increasingly managed and monitored devices, allowing us to secure them better. My sincere thanks to a colleague (you know who you are!) for assistance with this post.

Thank you.

Blog Post Shout Out: SHA-1 Migration and Internet of Things (IoT)

With the transition to SHA-2 rapidly approaching (January 2017), if you have not already begun the migration process for your website, or are having difficulties locating all of the certificates that need migrating, the following article, to which I wish to provide a respectful shout out, may be of assistance. The article includes advice on making the best use of the remaining time:

SHA-1 Time Bomb: One Third of Websites Have Yet to Upgrade by Phill Muncaster (Infosecurity Magazine)

This issue is also of note since Google (which, like the other browser vendors, is moving away from SHA-1) will remove support for SHA-1 in Chrome version 56. Further details are provided in their blog post. The source of the statistics for the Infosecurity Magazine article was this blog post from Venafi, an organisation that provides cryptography-related solutions and services to enterprises.
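To help with the "locating all of the certificates that need migrating" problem, here is an added Python example (not from the article, Venafi or Google) that reads the signatureAlgorithm of a DER-encoded certificate with a minimal ASN.1 walker and reports whether it is SHA-1 based. It works on DER bytes (a PEM file's body must be base64-decoded first); the two certificates it checks are constructed stubs built inline, not real certificates.

```python
"""Find certificates still signed with SHA-1 before browsers stop trusting them.
Added example: a minimal DER walker for the X.509 outer structure
SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""

SIG_ALGS = {  # AlgorithmIdentifier OID -> (name, uses SHA-1)
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", True),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.113549.1.1.12": ("sha384WithRSAEncryption", False),
    "1.2.840.10045.4.1": ("ecdsa-with-SHA1", True),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
}

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):
    """OID content bytes -> dotted decimal (first byte packs the first two arcs)."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends a base-128 arc
            arcs.append(cur)
            cur = 0
    return ".".join(map(str, arcs))

def signature_algorithm(der):
    """Return (oid, name, uses_sha1) for a DER-encoded X.509 certificate."""
    tag, cert, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM input? base64-decode its body first)")
    _, _, pos = read_tlv(cert)                 # skip tbsCertificate
    _, alg_id, _ = read_tlv(cert, pos)         # signatureAlgorithm
    tag, oid_bytes, _ = read_tlv(alg_id)       # its first element is the OID
    oid = decode_oid(oid_bytes)
    name, sha1 = SIG_ALGS.get(oid, ("unknown", False))
    return oid, name, sha1

def _stub_cert(sig_oid_hex):
    """Constructed stub: empty tbsCertificate, real signatureAlgorithm OID only."""
    tlv = lambda tag, v: bytes([tag, len(v)]) + v
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))

SHA1_STUB = _stub_cert("2a864886f70d010105")    # sha1WithRSAEncryption
SHA256_STUB = _stub_cert("2a864886f70d01010b")  # sha256WithRSAEncryption
```

Run `signature_algorithm(open(path, "rb").read())` over an inventory of exported certificates and act on every result whose third field is True; the long-form length handling in read_tlv is what real certificates (well over 127 bytes) exercise.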

=======================
With the DDoS attack (defined) against the DNS service Dyn last month attributed to Internet of Things (defined) devices, further steps need to be taken to secure them. To assist with this, US-CERT have written a PDF document titled "Strategic Principles for Securing the IoT". It is intended for consumers, operators and manufacturers of IoT devices and is available from the link below:

Securing the Internet of Things (US-CERT)

=======================
Thank you.

Blog Post Shout Out March 2016: Focus on Internet of Things (IoT)

With the increasing popularity of connecting standard everyday appliances and devices (e.g. webcams, thermostats and TVs), all the way up to critical infrastructure (e.g. power and water treatment plants), to the internet, we need to take measures to better defend them against attack. This is necessary since many of these devices were not designed/built with security in mind.

To assist you with better securing these devices, I wanted to provide a respectful shout-out to the following blog posts/articles that will help you defend your devices, whether they be installed in a corporate environment or your home:

7 tips for securing the Internet of Things by Chester Wisniewski (Sophos Security)

5 Tips to Protect Networks Against Shodan Searches by Aaron Weiss (eSecurityPlanet)

Should CIOs worry about the Internet of Hackable Things? by Jen A. Miller (CIO.com)

These resources should better prepare you for any potential/actual attacks against these devices. Thank you.