
Complete Guide to Zero Trust Security

Zero Trust Security – Always Verify and Authenticate

Zero Trust Security architecture functions on the premise that every connection requires mandatory identification, verification, and authentication. Previously, networks were assumed to be secure from outside threats, while anyone inside the system had complete access to every nook and corner of the network. Security systems of that era were dubbed the ‘castle and moat’ model (or ‘trust but verify’). Anyone who crossed the moat (managed to intrude on the network) had complete access to every network component; all an intruder needed were legitimate credentials to enter the system. Likewise, the insider threat is always high in such scenarios, leaving troves of data at the mercy of the attacker and amounting to a complete failure of the security architecture.

Zero Trust Security architecture does not depend on whether a connection originates inside or outside the network premises. Therefore, enterprises should take a holistic approach to adopting ZTA at every level of the enterprise. ZTA (Zero Trust Architecture) typically comprises a set of rules, procedures, and techniques to secure systems. In the future, cyberspace will only get more vulnerable and treacherous, but despite its drawbacks, cybersecurity researchers feel that Zero Trust Security is the way forward. The Zero Trust Security framework (architecture) can protect every network component if implemented perfectly and fine-tuned. Moreover, in the case of a successful intrusion, it helps minimize the damage.

What drives Zero Trust Security? – Key Principles of the Zero Trust Security Framework

The Zero Trust Security framework relies heavily on ‘assume breach, verify explicitly’ and on continuous trust verification and authentication. At all times, all connections need to be periodically re-verified, irrespective of their previous interactions. The key principles that drive the Zero Trust Security Framework are as follows:

What makes ZTA so unique? – Advantages of Zero Trust Security

The world has been catapulted 5-7 years into the future regarding digitalization, use of cloud services, and remote work. The call for security has reached its peak, with data flowing across various networks. To ensure the workforce and clients operate in sync without giving much thought to security concerns, we must adopt strict security measures that protect data, identities, networks, and infrastructure. This need led to the fast-track adoption of Zero Trust Security globally. Moreover, complying with industry standards and government requirements plays a big part in running an enterprise.

Implementing Zero Trust Security

Establishing Zero Trust Security is a challenging exercise requiring experience, expertise, and time. Enterprises often see ZTA as a turnkey cybersecurity solution, thinking of it as a plug-and-play product. In reality, ZTA comprises various elements, each unique in its own way and serving a specific purpose. Therefore, enterprises should hire an expert cybersecurity solution provider, like Sectrio, to implement and monitor ZTA. Still, knowing how ZTA is implemented helps enterprises understand the platform in more detail, paving the way for better security practices. There are two ways to approach the implementation of Zero Trust Security:

1. Rip and Replace: Only a very select few enterprises take this option. As the name suggests, replacing the existing infrastructure with modern infrastructure makes it easy to implement ZTA. Going ahead with this approach requires a thorough understanding of the following:

2. Build around and replace: Most enterprises have a potpourri of security installations spread across various timelines. Most security offerings are either incomplete or not equally competent across multiple domains. Opting for ZTA requires a thorough analysis of the security posture and every element that is part of it. There might be a case for replacing infrastructure that lacks compatibility with modern security protocols. Similarly, the administrator may revoke permissions when implementing a Privileged Access Management / Least Privileged Access policy. Finally, the workforce needs to get used to multifactor authentication, as ZTA works on the core principle of ‘assume breach, verify explicitly’ for every new connection request. Likewise, ZTA focuses on protecting data and successfully thwarting intrusions rather than concentrating on the attack surface and external perimeter alone.

Implementing Zero Trust Security in 7 Steps

Securing the network of any enterprise involves securing its devices, dataflow paths, user authentication, network connections, and applications in use. Additionally, ZTA relies heavily on network connectivity, which can be affected during a DDoS attack or a surge in user traffic. These two scenarios can strain the network, with processes slowing down before a complete collapse. Only with time can an enterprise understand how strict the protocols for a particular set of data and network need to be. With this understanding and UEBA (User and Entity Behavior Analytics) tools, one can strengthen Zero Trust Security and thereby improve security posture.

Zero Trust Security Challenges

Nothing is a fairytale in cybersecurity, and adopting ZTA or the Zero Trust Security framework is no exception. For an enterprise to adopt a security product like Zero Trust Architecture, everyone involved in the company, whether or not they belong to the IT department, should be part of the exercise. It requires significant man-hours to create awareness and train people in the best ZTA practices. Unfortunately, few enterprises see this as an investment, while others see it as a dent in their balance sheet. Let us learn about the common challenges an enterprise faces when adopting ZTA.

Overcoming Zero Trust Security Challenges

Like every other cybersecurity product, Zero Trust Architecture has flaws and drawbacks. Nevertheless, ZTA is the best option for effectively tackling the current cybersecurity threat landscape. It is so comprehensive that it brings many aspects of a network’s security into play and supplements the monitoring team with analytical data, giving them a detailed, granular view of every process on the network. Therefore, it is essential to understand how to overcome Zero Trust Security challenges to make the best use of the product.

Zero Trust Security Best Practices

Having a protocol sheet is always helpful in cybersecurity. The rules, guidelines,

2023 will be an important year for cybersecurity in India

In addition to the heightened attention the country is receiving from hackers and hacktivists, there is a chance that data stolen in 2022 will be weaponized this year. Our IoT and OT cybersecurity predictions for India for 2023 are based on the trends we have observed in India’s digital space over the last 4 years, our research on the types of cyberattacks that occurred in that period, chatter on the Dark Web and other forums, and threat- and actor-specific IoT and OT focused threat intelligence gathered by Sectrio’s Threat and APT Hunting team. Here are our specific 2023 IoT and OT cybersecurity predictions for India:

The IoT and OT Security CISO Peer Survey 2022 report conducted by Sectrio is a must-read for all. Click here and download your copy of the report now: The CISO Peer Survey Report 2022

We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds.

Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now.

Specific IoT and OT security predictions for North America for 2023

The year 2023 will see a significant shift in the way cyberattacks are engineered, and that is just the start. To help you understand how things will change in 2023, we have distilled our learning from the last 4 years and the threat intelligence gathered from our global threat research facilities into specific points. We would like to place on record these specific IoT and OT security predictions:

The IoT and OT Security CISO Peer Survey 2022 report conducted by Sectrio is a must-read for all. Click here and download your copy of the report now: The CISO Peer Survey Report 2022

We are giving away threat intelligence for free for the next 2 weeks. Find out how you can sign up and try out our threat intelligence feeds.

Find out what is lurking in your network. Go for a comprehensive 3-layer threat assessment now.

How to address IoT security challenges? 

My first association with IoT was way back in 2016. We were then working on developing an IoT-based solution for monitoring blood banks. Security was on the table, but it was not a big priority for many businesses back then, as I found out from my interactions with many IoT experts. Many DDoS attacks and generations of IoT devices later, enterprises are still struggling to address IoT security concerns. Let us examine why IoT security continues to pose a huge challenge to enterprises and what needs to be done to address this.

What security challenges are IoT devices facing?

1. Expanding attack surface area

Users often represent the most important attack surface, as they could be the target of a phishing campaign, could inadvertently or voluntarily share credentials or other sensitive information, or could easily be tricked into taking actions that lead to the deployment of malware. All these actions could not just compromise data and credentials but also enable attacks that are costly and set back production schedules or other goals by days, months, or even years.

Also read: Why IoT Security is Important for Today’s Networks?

Every device added also adds threat surface area. In addition, misconfiguration of networks or devices can open gaps in the security architecture.

2. The growing number of IoT devices

The number of IoT devices coming online continues to grow each month. Depending on which data source you subscribe to, this number can vary by the thousands. With new use cases being added every year, IoT has already made deep inroads into sectors such as agriculture, smart homes, transport, financial services, and manufacturing. The number of IoT vendors has also grown exponentially in the last few years. The number of IoT device manufacturers has also seen exponential growth, both in countries where the devices were traditionally manufactured and through the addition of new manufacturing units in other countries.

With such a rise in the number of devices manufactured, one would have hoped that security would receive more attention and that generational security gaps would be addressed with the arrival of new and more efficient IoT devices. However, what we are seeing instead is the detection of new vulnerabilities at all levels in new devices, along with generational vulnerabilities that have not been addressed. Such a scenario is creating new opportunities for hackers to exploit.

3. Rising sophisticated attacks

IoT devices and projects are attracting plenty of attention from APT groups now. The rising integration of IoT into critical infrastructure projects and its use in financial services and other key sectors could be one of the reasons why APT groups are increasingly scanning IoT devices across verticals. According to Sectrio’s threat research team, IoT projects logged a 77 percent rise in cyberattacks in the month of April 2022. This was the single biggest rise in attacks ever registered. The number of sophisticated attacks logged a 133 percent rise in the same month. Oil and gas and manufacturing were the most attacked sectors.

Also read: Complete Guide to Cyber Threat Intelligence Feeds

4. Regulatory/Compliance Standards

There are many standards that enterprises can adopt to improve their security. We have compiled them for you here. In addition, the oneM2M standard enables IoT applications to discover and interface with IoT devices in various distributed environments based on a common service layer. It also prescribes many other avenues for improving IoT security.

While most of these standards are voluntary, regulators often only recommend adherence to them in order to mitigate risks, and this could be one of the reasons why such standards are not followed by many businesses across sectors. Some of these standards, when adopted, could improve efficiencies and promote network and asset transparency, which translates into improved productivity and return on capital invested.

These are just some of the reasons why IoT security is still a challenge for enterprises. In order to address these aspects, businesses will have to scale up their overall security measures.

Also Read: The Complete guide to IoT Security

Here are 7 measures to address critical IoT Security challenges:

Do an IoT threat assessment now to find out your security gaps.

To learn how you can protect your business, book a free consulting appointment with our IoT and OT security experts and see our IoT and OT security solution in action now: Schedule a time now

Try our threat intelligence feeds for free now: Sign up for free threat intelligence feeds today.

Close your Digital Transformation cybersecurity gaps now

In the first two quarters of 2022, attacks on digital transformation projects have grown manifold in the Middle East. Threat actors are targeting production systems, assembly lines, safety and instrumentation systems (including legacy systems dating back to 2017 or earlier), IoT devices, and IoT and OT networks. A new set of actors is relentlessly scanning networks belonging to diverse enterprises to expose gaps that could be exploited to harvest data or plant malware.

Read now: 2022 IoT and OT threat landscape assessment report

With such a rise in cyberattacks, and with increasing insider threats, the risk of serious industrial cyber incidents originating from IoT and OT infrastructure has also risen significantly. Industrial companies that invested significantly in OT infrastructure have also turned into prime targets for ransomware and sophisticated attacks. Such attacks can lead to an erosion of revenue, invested capital, data, and credibility. The loss of production windows and the destabilization of production schedules will continue to impact bottom lines for months, if not years. Thus, the need to close digital transformation gaps is now more essential than ever. Even a single exposed threat surface in your infrastructure can be detrimental to your overall security posture.

Digital transformation and security gaps

Digital transformation driven by data harvesting and the integration of assets and networks is opening up new threat surfaces and latent gaps. These gaps serve as attack pathways that are linked through cloud and application services, supply chains, the remote workforce, and untested IoT devices. When such vulnerabilities, which extend into critical control systems, are exploited by a sophisticated hacker, they can derail even the most mature first response plan as the hacker moves laterally through the system, disrupting operations while covering new ground and exploiting new gaps.

A traditional IT-focused approach to digital transformation security has proven to be the bane of many industries and security teams. Most IoT and OT systems lack advanced capabilities and often operate in alignment with last year’s threat environment. With the proliferation of sophisticated threat actors, mature cybersecurity programs based on threat anticipation and response are no longer a matter of choice.

Learn more: Consulting Security for Digital Transformation

Most of the IoT and OT cybersecurity programs being run by businesses lack the active defenses, skilled workforce, and tools needed to detect and address multiple vulnerabilities. The number of businesses that have a roadmap in place, with investments and management buy-in, for a significant improvement in security posture is even smaller. Most businesses lack the resources and expertise to execute secure deployment of innovative digital transformation efforts. Sometimes such programs have consumed more budget than allocated, and teams often try to cut corners by downgrading the original security program in terms of measures and tools to save money.

More access, less security

There is demand from multiple stakeholders for direct access to infrastructure components, including safety and instrumentation systems (SIS), core engineering systems, and cloud-based data analytics systems. Third-party vendors often ask for network access to service remote hardware, and predictive maintenance systems share data with multiple vendors in some instances. In many parts of the Middle East, such as the United Arab Emirates and Saudi Arabia, we have seen drones being used to surveil remote locations. Such drones are often connected to multiple networks, each of which could serve as an entry point for complex malware or multi-payload droppers.

Also read: Complete Guide to Cyber Threat Intelligence Feeds

Digital transformation relies on improving operational transparency, overall efficiency, effectiveness, productivity, and process consistency. To attain these goals, security configurations are often overlooked or de-prioritized. In a Sectrio survey conducted between April and May 2022, over 80 percent of CISOs admitted to lacking the desired level of visibility into their operations. In the Middle East, CISOs also spoke about using systems that were not hardened from a security standpoint and were thus liable to be exploited by threat actors. Such gaps increase the risk of disruptive cyber incidents that can impact safety, infrastructure integrity, and business continuity.

Join us to address your digital transformation cyber security gaps

Join us at the Digital Transformation Security Drive organized jointly by Sectrio and Spire, where our cybersecurity expert Gopal Krishnan will help you chalk out a roadmap to:

Date: August 24th, 2022
Time: 9:00 AM to 2:00 PM
Venue: Al Mawad Meeting Room, Le Meridien – Al Khobar

This is an in-person event. Reach out now to secure your slot for free: Book your time now

The future of IoT ransomware – targeted multi-function bots and more cyberattacks  

A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms coded into it. This malware, called BotenaGo, was able to seek out and attack vulnerable targets by itself without relying on any human intervention. Once it infects a device, it creates two backdoor ports, viz., ports 31412 and 19412. It then uses port 19412 to listen and rolls through its programmed exploit functions, executing them in sequence. BotenaGo is an autonomous malware, which means that it doesn’t need any human intervention once it is released. This malware was released accidentally by its developers and could very well be a beachhead malware, i.e., malware that opens the infrastructure to another wave of devastating attacks.

This was just the preview. Sectrio’s Threat Research team has come across new propagation and exploit strategies that hackers are using to target IoT deployments exclusively. Gone are the days when hackers used hijacked devices only to launch attacks on selected targets. Today, in addition to DDoS attacks, hijacked devices are used by hackers for a variety of illegal purposes, including sending unsolicited SMS messages, sending traffic to sites to boost their traffic numbers, promoting spam links, and more.

Contracted hackers work by offering two modes. In the first mode, a fixed number of hijacked bot devices are offered to prospective buyers for pre-decided uses. The availability of devices is guaranteed in this mode, with the hacker promising to add more devices to compensate for the loss of any device whose compromise is detected. In the second mode, a range of devices or a certain amount of compute power is put on the block by a hacker. The hacker doesn’t care about the end use in this mode. This caters to cybercriminals who wish to scale up or ramp down their operations based on various factors.

Read more: Why IoT Security is important for today’s network

IoT multi-loader malware in development can increase the number of malware families that can be deployed and cover more exploits as well. Hackers have invested more time and money in building more potent malware in the last two years. Some of these developments were funded via ransom crypto money received from victims. With the ongoing crash in the value of cryptocurrency, hackers may turn more desperate and release some of this malware from its test cycles well before its planned release.

Weak IoT security practices don’t help

Even now, we are seeing many IoT proof-of-concept projects taking off without adequate security. Devices are connected online with default credentials, network baselining is not done, and no attempt is made to revisit user and device privileges or to check device vulnerability status. Hackers are well aware of these weaknesses, and their playbook in fact focuses on overwhelming cyber defenses with newer malware and breach tactics to keep security operations teams busy with cleanup.

What can be done to improve IoT security?

We have discussed this topic extensively in the past. What is needed is enterprise-wide awareness of the distance hackers have covered in the last two years and how they are just waiting for one slip-up before striking and creating havoc. In addition to awareness, here are a few more things to do to secure IoT:

Worried about IoT security? Let our IoT security threat assessment specialists help you now. Reach out for a special custom package now.

Stay ahead of hackers: detect all those IoT threats early with our IoT-focused threat intelligence feeds. Sign up now.

Talk to us to understand how our IoT and OT security solutions can improve your risk management and security posture.

Try our threat intelligence feeds for free for 15 days to see what your threat hunting program is missing here: Sign up for FREE threat intelligence feeds

Learn more about our threat assessment methodology here: OT and IoT Threat Assessment

Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo

Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days.

When it comes to security, is IoT the new OT? 

Operational Technology (OT) has certainly been around for much longer, in some form, than both Information Technology (IT) and the Internet of Things (IoT). Yet, when it comes to OT security, we are still taking the first concrete steps toward securing the OT environment and plugging the security gaps that have emerged thanks to its integration with IT. The need to secure OT has arisen not from a need to evolve, but from the rise in cyberattacks on converged environments that we have seen in the last 5 years. IoT security also seems to be treading the same path. Let us find out how and why.

Security was never even an afterthought when it came to OT. Instead, these systems were built to last and work efficiently. This is why you see so many devices of 90s vintage still working hard in places like factories and power plants while everything around them, in terms of infrastructure, has undergone a drastic change through digitization. Many OT devices were built to operational perfection and were, in a manner of speaking, more than aligned to the functional needs of the times. Once your maintenance cycle is complete, these devices will work like a charm, doing the same work repeatedly without any problem.

When IoT arrived on the scene in the late 2000s (I mean in terms of large-scale R&D and some degree of adoption as well), we had already had instances of OT being attacked by all kinds of actors. The attack on the Maroochy sewage plant in Maroochy Shire, a small town in Queensland, Australia, was well behind us. In fact, the lessons from that attack were embraced more by hackers than by cybersecurity teams. This is why cyberattacks on OT evolved significantly in the last two decades.

When the Ukrainian power plant was attacked in 2015, the hackers were found to have conducted reconnaissance missions as early as 8 months before the attack materialized. The level of sophistication involved, and the fact that the hackers could have done much more damage to Ukraine’s power infrastructure, didn’t lead to any major thrust globally on improving OT security. However, with the Colonial Pipeline and JBS attacks, governments were forced to act and bring in measures requiring businesses to report such attacks as a first step towards eventually securing OT-based critical infrastructure.

Despite examples of the dangers of not securing devices and infrastructure being available to cybersecurity planners, analysts, developers, and the whole world, we saw IoT evolving fast while paying scant respect to security. Accumulated wisdom should have told us that had we prioritized IoT security much earlier, we could have had much more secure systems and hardened infrastructure operating at much lower security costs. Not only would this have given us a security culture surrounding IoT as a technology, but it would also have led to businesses taking security more seriously without depending on the government to force them to act.

Instead, what we are seeing is a journey down the oft-beaten path wherein security is offered some ritualistic attention after a major incident. With Industry 4.0, the cost of a breach, even a sub-kinetic one, can be unaffordable. One only has to read our latest IoT and OT Threat Landscape and Analysis report to understand how the threat environment has deteriorated significantly in the last year while our institutional detection, response, and security approaches are still stuck in the 90s.

So there you have it: two different technologies, separated by time, following the same evolutionary trajectory when it comes to security. Maybe it is the path of least resistance, or the “we need to improve features and functions while security takes care of itself” syndrome, that is at play here. No matter what the cause, one thing is clear: a wake-up call could be around the corner.

Talk to us about the simplified approach to IoT security that minimizes your institutional risk exposure significantly.

Worried about not having the right threat intelligence for your IoT projects? Talk to us to try our threat intelligence feeds for free for the next two weeks.

Participate in the CISO Peer Survey 2022 and make your opinion count now; fill in our uniquely designed survey here: CISO Peer Survey 2022

Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo

Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days.

A significant spike in cyberattacks from Russia could be expected in April

Last week, during a webinar session, I was asked why the cyberattacks from Russia didn’t materialize to the levels we were warned about. To answer this question, we need to understand various aspects of how Russian APT groups operate and work on targets.

Russian APT actors have never shown a linear progression in the intensity and volume of attacks except in certain specific circumstances (this is mostly true after they choose a target; they don’t go after multiple targets in cyberspace at random). Mostly, they choose targets, attack with ferocity till they succeed, and then move on. Such attacks are continuing, as we have seen in the case of the German wind turbine manufacturer Nordex SE, which was attacked last week. Russian APT groups are keeping a lookout for renewable energy companies, power firms, and oil pipeline companies in particular.

So what exactly are Russian APT groups up to, and what is this ‘delay’ all about? Given the above facts, a multi-sectoral attack across geographies is not on the horizon in the near term. From the chatter we are picking up from the Dark Web and the APT groups we are monitoring, we get a view that some targets and countries are being chosen and attacked selectively with specific malware and tactics.

Also Read: Why IoT Security is Important for Today’s Networks?

Here are some facts on the activities of Russian APT groups in the last 8 weeks:

- Our honeypots across Western Europe have recorded a rise in cyberattacks since the onset of the war.
- The spike has been limited to the sectors we mentioned earlier and to manufacturing companies, along with defense forces, firms, and groups.
- Russian APT groups are running sophisticated campaigns to target NATO and defense forces in the region.
- These groups could also start targeting countries that are supplying lethal weapons to Ukraine.
- On the day the war started, over 10,000 modems of Viasat, a satellite broadband provider, were knocked offline.
- Ukrtelecom, Ukraine’s biggest provider of fixed internet services, confirmed a week ago that it had been hit by a severe cyberattack that led to the disruption of services, with several cities being disconnected and connectivity falling to as low as 13 percent of pre-war levels. The attacks are said to have targeted home routers among other devices (which were shut down).
- In the days leading up to the war, several Ukrainian agencies were attacked by Russian APT groups.
- It is possible that Russia doesn’t want more attention to come its way while it focuses on the war of attrition in Ukraine.
- Russian groups have also taken note of the advisories issued by governments and are aware that the chances of attacks being detected, contained, or even repelled are high. Russia is already facing a huge spike in inbound cyberattacks and doesn’t want more actors to join the ongoing cyberattacks targeting its critical infrastructure and enterprises.
- The volume of reconnaissance attacks from Russian APT groups has been growing steadily since January 2022. Such attacks have targeted OT and IoT-based infrastructure projects in Western Europe and North America.
- The chances of false flag attacks on critical infrastructure by Russian hackers remain high.
- Many of these hackers are using Ransomware-as-a-Service and Malware-as-a-Service in association with an APT group of a southeast Asian country to monetize cyberattacks.
- Intelligence indicates some degree of attrition between the two Russian APT groups. This includes the Primitive Bear group that has been targeting Ukraine.
- Some APT groups have been drafted to target hackers that are attacking Russia as well.

On analyzing these facts, we can easily conclude that Russian hackers have not given up and are not going slow. It is just that they are sticking to their existing playbooks, which focus on specific attacks tied to a timeline rather than attacking every piece of digital infrastructure out there.

Some of the reconnaissance attacks may be upgraded to full-fledged attacks in April. Russia could also activate new botnets in its eastern region to compensate for the loss of a few botnets in March. Lastly, Russian APT groups could release some of their tools to enable other hackers to target enterprises, individuals, and governments across the globe. In summation, we are not out of the woods yet. Sectrio advises all businesses to maintain a high state of alert and be prepared to ward off cyberattacks in the next few weeks.

Interested in learning the 7-step approach to improving IoT security in 7 days? Talk to our IoT cybersecurity experts today. Book your slot now.

Download and use our compliance kits to improve your institutional security posture: visit Compliance Kits

Try our threat intelligence feeds for free for the next two weeks. Get access to enriched IoT-focused cyber threat intelligence for free for 15 days.


Sectrio detects a significant rise in DDoS attacks from compromised IoT devices in March

The volume of DDoS attacks from compromised IoT devices rose significantly in March

Vulnerable routers (from 2 global brands) and compromised monitor screens and fleet tracking systems were used extensively by hackers as part of large botnets to share and deploy rootkits across the globe in March. This resulted in a significant spike in botnet traffic recorded by our global honeypots in March. Though the spike has subsided a bit, the rise in infections caused by this sudden surge will only become apparent in the next few weeks. This trend presents a new reason for concern among IoT cybersecurity teams.

Most of the attacks were logged at 2.5 MBPS and above, and the requests ranged from 1.5 to 3 million requests per second on certain target websites. Based on the traffic patterns, over 150 command and control servers located across 15 countries were identified by Sectrio’s threat research team. These servers were coordinating not just the spread of the attacks but also the propagation of a variety of rootkits and other payloads, including REvil ransomware.

The sudden botnet expansion could also be attributed to the use of older versions of certain operating systems on phones and on desktop and laptop machines. With such an expansion, hackers now have more bots at their disposal as well as a means to upgrade their botnet infrastructure by promoting more bots to command and control servers. The scope for many of these botnets to grow exponentially in the next weeks has increased with the rising number of bots getting added each week.

Traffic from these botnets was not confined to any geography, and each bot was sending traffic to multiple IP addresses across regions. Analysis of this traffic reveals a well-orchestrated strategy being deployed by hackers to target IoT projects at various levels and phases as well as to expand botnets by targeting consumer devices.
The level of stealth and obfuscation is growing as hackers devise new means to bring down multiple target entities through the same botnet. Many of the old botnets are also being resurrected for this purpose as hackers plan to increase their operations across geographies. For IoT projects, this is bad news, as the lessons from 2020 and 2021 articulated in our IoT and OT Threat Landscape reports seem to have been forgotten or ignored. While a portion of these new IoT-linked botnets may be connected to projects that are in the PoC phase, a larger volume of the traffic seems to be emerging from established projects, as per the traffic patterns analyzed by Sectrio’s threat research team. This is quite a worrying development, as it indicates the possibility of existing IoT devices being compromised, or of new and untested devices being added to existing projects without adequate security testing.

How will this impact IoT security?

Coming in the wake of the crisis in Ukraine and a period of excess activity within institutional and government-run SOCs, there is a possibility that many such attacks will turn into targeted attacks on specific projects and infrastructure (which could be the ultimate objective for these hackers). The reactivation of Sandworm hackers and the appearance of new and stealthier rootkits in the wild are two separate trends that will converge over the next few weeks as these botnets expand their range and targets. Overall, this underscores the need to enhance IoT security and invest in the right set of cyber threat intelligence feeds. With vulnerability management, patching, and device testing receiving little or no attention, the time is ripe to diversify IoT cybersecurity measures to cover more ground and deepen the digital moat surrounding your infrastructure.
While systems based on older OS hosts can be upgraded to reduce the number of bots, what is also needed is action from IoT project operators, who need to do some serious rethinking of their cybersecurity priorities. With the average ransom demand jumping by leaps and bounds each year, hackers are raking in profits and expanding their operations and targets.

How can you improve IoT security?

- Always go by the ‘security-by-design’ principle. Remember, the earlier you think of IoT security, the better your chances of deterring hackers and bad actors.
- Approval of IoT projects should also have a security component. That means that unless every stakeholder, including IoT cybersecurity analysts, is convinced by the security measures, the project simply doesn’t get off the design board.
- Cyber discipline and hygiene should be treated as aspects that are beyond compromise and placed above deadlines as a project imperative.
- Go for IoT threat intelligence feeds.
- Know exactly what is happening in your network at all times; do periodic security audits and checks.
- From a security perspective, there shouldn’t be any difference between a PoC project and a fully operational one. This step alone could improve IoT security by a big margin.


Long ignored UPS vulnerabilities are coming to roost: CISA and DoE

In a recent update, CISA and DoE (Department of Energy) jointly acknowledged the rising trend of cyberattacks and raised a concern over vulnerabilities associated with internet-connected UPS (Uninterruptible Power Supply) systems. This alert comes in light of the recent growth of cyberattacks targeting critical infrastructure, not only in the United States but across countries that play a strategic role in various military and non-military geopolitical alliances. The alert raises concerns in the following areas:

- UPS systems are vulnerable to attacks when connected to unsafe networks.
- Most UPS systems connected to the internet have little to no security on the cyber front. Out of the box, these systems come with default usernames and passwords, and in most cases the default credentials are left unchanged for years after installation.
- In large organizations, UPS systems bought in bulk often share the same login credentials across every installation.

Read more from the report here: Mitigating Attacks Against Uninterruptable Power Supply Devices

Dependable, reliable, and omnipresent energy aid

Uninterruptible power supply (UPS) has been a boon to humanity since before the dawn of the age of computers. In most cases, these systems are used to provide clean and emergency power in times of power outages or to regulate surges in the flow of electricity. In the early days, UPS systems were often connected to critical industrial machines to prevent unsafe shutdowns or the breakdown of such machines due to surges in electrical power. In fairness, UPS has been a constant source of reliable and safe energy in times of desperate need. With the growth and rise of digitalization, UPS was later introduced widely for consumer use, and thus began its rise in popularity.
Significant upgrades and advancements to UPS systems later followed in their evolution to provide vital insights into the networks and connected equipment. Such UPS systems now come with the ability to connect to the internet, provide vital insights by monitoring for surges in an otherwise steady stream of power, remind the concerned authorities of timely maintenance, and much more. These internet-connected UPS systems are also actively in use in healthcare (IoT sensors, IoMT equipment), manufacturing (OT, ICS, SCADA equipment), pharmaceuticals (OT and ICS equipment), enterprises (backups to servers), and other critical infrastructure industries, providing a steady flow of safe and uninterrupted energy during vital organizational operations. Once integrated with the network, an internet-connected UPS becomes a critical component in its own right, and it poses grave cyberthreats when it is overlooked simply because it is available for its functional role.

Potential consequences of a successful cyberattack on internet-connected UPS systems:

- Manipulation of data on IoMT or denial of service on vital healthcare equipment
- Sensor manipulation
- Disabling of Automatic Voltage Regulation (AVR)
- Destruction via a surge in the power supply
- Denial of service on enterprise servers
- Malware injection
- Lateral movement via a compromised network, which can lead to data leakage
- Privilege escalation

It is hence established that the internet-connected UPS plays a critical role.

What can be done to secure internet-connected UPS?

While CISA and the DoE suggest regular and timely software updates and the use of MFA as immediate steps, we at Sectrio suggest everyone take a step back and follow these steps:

- Have ample visibility into your network, down to even a remote device or a hearing aid that is connected to it.
- Monitor for anomalies on the network.
- Log network activities.
- Segment your network into zones and conduits.
- Use MFA and strong passwords.
- Use a safe VPN.
- Run regular vulnerability scans to identify gaps in security.
- Comply with IEC 62443, Zero Trust, and NIST CSF.
- Work with real-time threat intelligence.
- Report cyber incidents, or suspected incidents, as quickly as possible to the right authorities.

Will cyberthreats ever stop?

On March 29th, 2022, a statement made before the House Judiciary Committee by the FBI cyber division stated that “As adversaries become more sophisticated and stealthier, we are most concerned about our ability to detect and warn about specific cyber operations against U.S. organizations. Maybe most worrisome is their focus on compromising U.S. critical infrastructure, especially during a crisis”. This official statement by the FBI’s cyber division brings perspective on the state of cybersecurity in North America and is an alarming wake-up call to all organizations to immediately revamp cybersecurity across their ever-growing converged cyber environment.

For more information on the evolving threat landscape and insights into emerging cyberattacks and bad actors, read our latest IoT and OT threat landscape assessment report 2022. Learn how Sectrio’s solutions can help secure your organization today. Reach out to our cybersecurity experts to get started now. Join our upcoming webinar: Key Takeaways from Sectrio’s Global Threat Landscape Assessment Report 2022. IoT and OT focused threat intelligence feeds free for 15 days! Try it right now: Threat Intelligence
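The credential and segmentation weaknesses called out above (vendor defaults left in place, one set of credentials shared across every installation, no MFA, and management interfaces sitting outside a dedicated zone) can be caught with a fleet-level inventory audit. The following is an added example, not code from the Sectrio post or from the CISA/DoE report; the inventory records, the zone names, the default-credential list and the field names are all constructed for illustration. It assumes the onboarding process records a hash of each device's management credential rather than the plaintext, so the audit never has to handle real UPS passwords.

```python
"""Audit a constructed inventory of UPS network-management interfaces for
the weaknesses the CISA/DoE alert describes. Added example with made-up
data; field names, zones and default credentials are assumptions."""
import hashlib
from collections import defaultdict

# Constructed placeholder defaults (not real vendor values). A real audit
# would load the vendor's documented defaults for each model.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "1234"), ("ups", "ups")}


def fingerprint(username: str, password: str) -> str:
    """Hash of user:password, so the inventory stores no plaintext secrets."""
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()


DEFAULT_FINGERPRINTS = {fingerprint(u, p) for u, p in DEFAULT_CREDENTIALS}

# Constructed inventory: one record per UPS management card.
INVENTORY = [
    {"id": "ups-dc1-01", "site": "DC1", "cred": fingerprint("admin", "admin"),
     "mfa": False, "zone": "internet"},
    {"id": "ups-dc1-02", "site": "DC1", "cred": fingerprint("opsuser", "Q7!xR2pL"),
     "mfa": True, "zone": "ot-mgmt"},
    {"id": "ups-dc2-01", "site": "DC2", "cred": fingerprint("opsuser", "Q7!xR2pL"),
     "mfa": True, "zone": "ot-mgmt"},
    {"id": "ups-br-01", "site": "Branch", "cred": fingerprint("opsuser", "Q7!xR2pL"),
     "mfa": False, "zone": "corp-lan"},
    {"id": "ups-br-02", "site": "Branch", "cred": fingerprint("svc", "unique-9kT"),
     "mfa": True, "zone": "ot-mgmt"},
]


def audit(inventory, default_fps=DEFAULT_FINGERPRINTS,
          allowed_zones=("ot-mgmt",), reuse_threshold=2):
    """Return (device_id, finding) pairs for every weakness detected.

    - default-credentials: fingerprint matches a known vendor default.
    - credentials-shared-with: the same fingerprint appears on other devices
      (bulk installs with one password, as the alert describes).
    - no-mfa: management login lacks multi-factor authentication.
    - management-interface-in-zone: card is reachable from a zone other than
      the dedicated OT management zone (the zones-and-conduits step).
    """
    by_cred = defaultdict(list)
    for dev in inventory:
        by_cred[dev["cred"]].append(dev["id"])

    findings = []
    for dev in inventory:
        if dev["cred"] in default_fps:
            findings.append((dev["id"], "default-credentials"))
        peers = sorted(d for d in by_cred[dev["cred"]] if d != dev["id"])
        if len(by_cred[dev["cred"]]) >= reuse_threshold:
            findings.append((dev["id"], "credentials-shared-with:" + ",".join(peers)))
        if not dev["mfa"]:
            findings.append((dev["id"], "no-mfa"))
        if dev["zone"] not in allowed_zones:
            findings.append((dev["id"], f"management-interface-in-zone:{dev['zone']}"))
    return findings


def summarize(findings):
    """Count findings per device so the worst-off cards can be fixed first."""
    counts = defaultdict(int)
    for dev_id, _ in findings:
        counts[dev_id] += 1
    return dict(counts)


if __name__ == "__main__":
    for dev_id, finding in audit(INVENTORY):
        print(f"{dev_id}: {finding}")
    print(summarize(audit(INVENTORY)))
```

Against the constructed inventory the audit flags the internet-exposed card with the default password on three counts, the three cards that share one ops password, and the branch card with no MFA outside the management zone; the one card with a unique credential, MFA and the right zone produces no findings. Hashing with an unsalted SHA-256 is enough here because the goal is only to spot equality and known defaults, not to protect the fingerprints as secrets; if the inventory itself were exposed, the fingerprints of default credentials would be trivially recognisable, so treat the inventory as sensitive.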

