A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms coded into it. This malware, called BotenaGo, was able to seek out and attack vulnerable targets by itself without relying on any human intervention. Once it infects a device, it creates two backdoor ports, 31412 and 19412. It then uses port 19412 to listen and roll through its programmed exploit functions, executing them in sequence.
BotenaGo is an autonomous malware, which means that it doesn’t need any human intervention once it is released. This malware was released accidentally by its developers and could very well be a beachhead malware, i.e., malware that opens the infrastructure to another wave of devastating attacks. This was just the preview. Sectrio’s Threat Research team has come across new propagation and exploit strategies that hackers are using to target IoT deployments exclusively.
Gone are the days when hackers used hijacked devices only to launch attacks on selected targets. Today, in addition to DDoS attacks, hijacked devices are put to a variety of illegal uses by hackers, including sending unsolicited SMS messages, sending traffic to sites to boost their traffic numbers, promoting spam links, and more.
Contracted hackers work by offering two modes. In the first mode, a fixed number of hijacked bot devices are offered to prospective buyers for pre-decided uses. The availability of devices is guaranteed in this mode, with the hacker promising to add more devices to compensate for the loss of any device once the cyberattack is detected. In the second mode, a range of devices or a certain amount of compute power is put on the block by a hacker. The hacker doesn’t care about the end use in this mode. This caters to cyber criminals who wish to scale up or ramp down their operations based on various factors.
IoT multi-loader malware now in development can increase the number of malware payloads that can be deployed and cover more exploits as well. Hackers have invested more time and money in building more potent malware in the last two years. Some of these developments were funded with ransom cryptocurrency received from victims. With the ongoing crash in the value of cryptocurrency, hackers may turn more desperate and release some of this malware from its test cycles well before its planned release.
Weak IoT security practices don’t help
Even now, we are seeing many IoT proof-of-concept projects taking off without adequate security. Devices are connected online with default credentials, network baselining is not done, and no attempt is made to revisit user and device privileges or to check device vulnerability status. Hackers are well aware of these weaknesses, and their playbook in fact focuses on overwhelming cyber defenses with newer malware and breach tactics to keep security operations teams busy with cleanup.
What can be done to improve IoT security?
We have discussed this topic extensively in the past. What is needed is enterprise-wide awareness of the distance hackers have covered in the last two years and of how they are just waiting for one slip-up before striking and creating havoc. In addition to awareness, here are a few more things to do to secure IoT:
- Study your IoT supply chain, including devices, vendors, infrastructure and platform service providers, to see if any of them emerge from regions known to harbor APTs that could be linked to the agencies that manufacture or supply these devices and firmware.
- Use of default passwords should be disincentivized, using penalties if required
- Study the vintage and vulnerability status of all your IoT devices to check if any of them have been left unpatched
- Deploy Zero Trust and reissue user credentials and access privileges. Privileges that have not been used for over 20 days should be frozen
- Create a baseline for your network activity
- Deploy decoys with accurate digital twins that mimic your infrastructure
- Do a Dark Web scan to see if any of your device or access information is appearing there
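As an added illustration of the network-baselining step above (example code, not part of the original post): a small Python check that learns which ports each device normally listens on and flags listeners that were not in the baseline, treating the two BotenaGo backdoor ports named at the top of the post as high severity. Device names and listener records are constructed sample data; in practice they would come from periodic netstat/ss collection or flow exports.

```python
from collections import defaultdict

# Ports the post attributes to BotenaGo's backdoor listeners.
BOTENAGO_PORTS = {31412, 19412}

# Constructed sample records: (device, protocol, listening port).
# The baseline is what was observed during a known-clean period.
BASELINE_LISTENERS = [
    ("cam-01", "tcp", 80), ("cam-01", "tcp", 554),
    ("cam-02", "tcp", 80), ("cam-02", "tcp", 554),
    ("plc-01", "tcp", 502),
]
# A later snapshot: cam-02 now shows both backdoor ports, plc-01 a new web port.
CURRENT_LISTENERS = [
    ("cam-01", "tcp", 80), ("cam-01", "tcp", 554),
    ("cam-02", "tcp", 80), ("cam-02", "tcp", 554),
    ("cam-02", "tcp", 31412), ("cam-02", "tcp", 19412),
    ("plc-01", "tcp", 502), ("plc-01", "tcp", 8080),
]


def build_baseline(records):
    """Map each device to the set of (protocol, port) it was seen listening on."""
    baseline = defaultdict(set)
    for device, proto, port in records:
        baseline[device].add((proto, port))
    return baseline


def find_deviations(baseline, records):
    """Return listeners absent from the baseline; a device unknown to the
    baseline has every listener flagged. Known backdoor ports rank high."""
    findings = []
    for device, proto, port in records:
        if (proto, port) in baseline.get(device, set()):
            continue
        severity = "high" if port in BOTENAGO_PORTS else "medium"
        findings.append({"device": device, "proto": proto,
                         "port": port, "severity": severity})
    return findings


def devices_with_backdoor_pair(findings):
    """Devices on which both BotenaGo backdoor ports appeared together."""
    seen = defaultdict(set)
    for f in findings:
        if f["port"] in BOTENAGO_PORTS:
            seen[f["device"]].add(f["port"])
    return sorted(d for d, ports in seen.items() if ports == BOTENAGO_PORTS)


if __name__ == "__main__":
    devs = find_deviations(build_baseline(BASELINE_LISTENERS), CURRENT_LISTENERS)
    for f in devs:
        print(f"[{f['severity']}] {f['device']} new listener {f['proto']}/{f['port']}")
    print("backdoor pair on:", devices_with_backdoor_pair(devs))
```

Diffing against the baseline is what surfaces the new listeners; matching on the two ports alone would miss a variant that picks different ones.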
Stay ahead of hackers: detect all those IoT threats early with our IoT-focused threat intelligence feeds. Sign up now.
Talk to us to understand how our IoT and OT security solutions can improve your risk management and security posture.