Electronic devices getting hijacked

Monday 21st November 2016
Lock up devices: http://law-512.com/how-to-avoid-ransomware-malware/

If it computes, it's liable to hijacking unless secured with cast-iron software. Makes you wonder about robots! AlienVault notes that the Mirai botnet is malware designed to take control of the BusyBox systems commonly used in IoT devices. BusyBox is a lightweight executable capable of running several Unix tools in a variety of POSIX environments that have limited resources, which makes it an ideal candidate for IoT devices. It appears that the DDoS attacks of October 21 have been identified as sourced from XiongMai Technologies equipment.

Reuters reported that up to 10,000 webcams from the Chinese manufacturer Hangzhou Xiongmai Technology Co. will be recalled in the aftermath of a cyber attack that recently blocked access to some of the world's biggest websites. In Washington, a member of the U.S. Senate Intelligence committee asked three federal agencies what steps the government can take to prevent cyber criminals from compromising electronic devices. Courtesy: AlienVault

IoT devices have proliferated at a rapid pace, and anyone who controls them can wield significant power. This came into full display on September 20, 2016, when the Mirai botnet launched a record DDoS attack, estimated at around 620 Gbps in size, inevitably taking the Krebs on Security website offline. But this appears to be just the beginning of IoT-based attacks, as the source code for Mirai has now been published online.

The IoT Security Challenge
The challenge with IoT devices is that not only are they often insecure by design, they also lack the options to apply patches or upgrade. Enterprises deploying IoT devices may spend the time needed to change default credentials, place the devices in a segregated network zone, or otherwise harden their systems – but consumers are highly unlikely to implement any such measures.
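The measures named above (changing default credentials, placing devices in a segregated zone, and having a patch or upgrade path) can be checked against a device inventory. The following is an added example, not code from the article or from AlienVault; the inventory fields, zone ranges and severity rule are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data, not from the article or any real network.
SEGREGATED_ZONES = [ipaddress.ip_network("10.50.0.0/24"),
                    ipaddress.ip_network("10.51.0.0/24")]

INVENTORY = [
    {"name": "lobby-cam", "ip": "10.50.0.11", "default_login_active": True, "upgradable": False},
    {"name": "dock-dvr", "ip": "192.168.1.40", "default_login_active": False, "upgradable": True},
    {"name": "lab-cam", "ip": "10.51.0.12", "default_login_active": False, "upgradable": True},
    {"name": "gate-cam", "ip": "192.168.1.41", "default_login_active": True, "upgradable": False},
    {"name": "yard-cam", "ip": "10.50.0.30", "default_login_active": False, "upgradable": False},
]

def audit_device(dev, zones=SEGREGATED_ZONES):
    """Return (severity, gaps) for one inventory record."""
    gaps = []
    if dev["default_login_active"]:
        gaps.append("default-credentials")
    if not any(ipaddress.ip_address(dev["ip"]) in z for z in zones):
        gaps.append("outside-segregated-zone")
    if not dev["upgradable"]:
        gaps.append("no-patch-path")
    # A device that cannot be patched depends entirely on the other two
    # controls, so any additional gap on it is treated as critical.
    if "no-patch-path" in gaps and len(gaps) > 1:
        severity = "critical"
    elif gaps:
        severity = "warning"
    else:
        severity = "ok"
    return severity, gaps

def audit_inventory(inventory):
    """Return {name: (severity, gaps)} for devices with at least one gap."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {n: r for n, r in report.items() if r[0] != "ok"}

if __name__ == "__main__":
    for name, (severity, gaps) in audit_inventory(INVENTORY).items():
        print(f"{severity:8} {name}: {', '.join(gaps)}")
```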

Mirai Botnet, Tip of the IoT Iceberg
The Mirai botnet is malware designed to take control of the BusyBox systems that are commonly used in IoT devices. BusyBox software is a lightweight executable capable of running several Unix tools in a variety of POSIX environments that have limited resources, making it an ideal candidate for IoT devices. It appears the DDoS attacks of October 21 have been identified as sourced from XiongMai Technologies IoT equipment.

IoT devices have proliferated at a rapid pace, and anyone who can take control of them can wield significant power. This power came fully into display on September 20 this year, when the Mirai botnet launched a record DDoS attack, estimated at around 620 Gbps in size, inevitably taking the Krebs on Security website offline. But this appears to be just the beginning of IoT-based attacks, as the source code for Mirai has been published online.

Opening Pandora's Linux Box
With the Mirai source code published, and no plan in place to patch or otherwise protect vulnerable IoT devices, it was inevitable that the source code would be used out of curiosity and also for malicious purposes. The AlienVault Labs team has analysed the source code and developed signatures to detect Mirai activity. With the data in Open Threat Exchange (OTX), the team was able to see a significant spike in Mirai activity after the source code went live, both in terms of how many times the signature was hit and in the number of affected devices. IoT device security has been spoken about, even joked about, for some time, with IoT manufacturers overwhelmingly choosing convenience and neglecting to heed security warnings. The Mirai botnet has given the first real glimpse into the power of an IoT botnet and the damage that can be done.

With no patching feasible for most devices, there is no easy fix in sight. IoT device manufacturers will need to consider building fundamental security principles into their designs, and avoiding the use of default credentials. Until IoT devices have secure options, they will continue to feature prominently at the forefront of cyber security attacks.

You can find IoCs related to the Mirai infrastructure in Open Threat Exchange. It's free to join OTX, and the platform offers an API to integrate Indicators of Compromise (IoCs) into other security controls. AlienVault includes this integration and alerts you when IoCs from OTX are detected in your environment.

 


Website : beachshore