Cybersecurity: upgrade essential

Wednesday 21st June 2017
Software sabotage stages

Security experts have warned that Mirai, the malware behind an Internet of Things (IoT) botnet, could be adapted to survive device reboots, enabling attackers to build bigger and more disruptive botnets. Mirai takes over insecure IoT devices, letting attackers assemble botnets that they can use either for low-profile, covert attacks or for aggressive distributed denial of service (DDoS) attacks. The malware surfaced last year when it infected, en masse, home security cameras and digital video recorders (DVRs) that were running old versions of the open source operating system Linux.

Mirai is perhaps best known for its part in the DDoS attack on internet infrastructure firm Dyn, which caused problems accessing sites including Amazon, Netflix and Twitter. Malware on IoT devices generally lives only in memory and is never written to the device's persistent storage, so it survives until the user reboots the equipment: the reboot clears the memory and erases any trace of the infection, which is why a variant that persists across reboots would be a significant escalation.
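To turn the reboot point above into something you can check without power-cycling a device, here is an added example (not code from the article or from any vendor it names) that looks for processes whose executable has been removed from disk. Memory-only IoT malware typically unlinks its own binary once it is running, which is exactly what the released Mirai bot source does, and Linux then reports the process's /proc/<pid>/exe link with a " (deleted)" suffix. The Proc dataclass, the function names and the busybox DVR process table are constructed for illustration.

```python
"""Check for processes running from a deleted executable.

Memory-resident IoT malware usually unlinks its own binary once it is
running (the public Mirai bot source does this), so nothing survives a
reboot; until then, /proc/<pid>/exe still points at the missing file and
Linux reports the link as '<path> (deleted)'.
"""
import os
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Proc:
    pid: int
    comm: str   # process name from /proc/<pid>/comm
    exe: str    # readlink of /proc/<pid>/exe, or "" when unreadable


def is_memory_resident(proc: Proc) -> bool:
    """True when the process image no longer exists on disk."""
    return proc.exe.endswith(" (deleted)")


def flag_memory_resident(procs: List[Proc]) -> List[Proc]:
    """Return the processes worth a closer look, in pid order."""
    return sorted((p for p in procs if is_memory_resident(p)), key=lambda p: p.pid)


def snapshot_procfs(root: str = "/proc") -> List[Proc]:
    """Collect a live snapshot from procfs (Linux only). Reading another
    user's exe link needs root; entries we cannot read come back as ""
    and are therefore not flagged."""
    procs: List[Proc] = []
    for name in os.listdir(root):
        if not name.isdigit():
            continue
        base = os.path.join(root, name)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            comm = "?"
        try:
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            exe = ""   # kernel thread, or permission denied: not flagged
        procs.append(Proc(int(name), comm, exe))
    return procs


# Constructed snapshot of a busybox-based DVR, not real data: one process
# (pid 913) was started from a temp directory and then deleted itself.
SAMPLE_SNAPSHOT = [
    Proc(1, "init", "/bin/busybox"),
    Proc(2, "kthreadd", ""),
    Proc(412, "dvr_app", "/usr/bin/dvr_app"),
    Proc(913, "kmcg7ax", "/tmp/.x/kmcg7ax (deleted)"),
]

if __name__ == "__main__":
    procs = snapshot_procfs() if os.path.isdir("/proc") else SAMPLE_SNAPSHOT
    for p in flag_memory_resident(procs):
        print(f"pid {p.pid} ({p.comm}) runs from a missing binary: {p.exe}")
```

A "(deleted)" image is a lead, not proof: a daemon that was left running across a package upgrade shows the same thing on a general-purpose server. On a camera or DVR with a read-only root filesystem that is rarely updated it is a much stronger signal, and the cheap response is the one the article describes, a reboot, followed by changing the credentials that let the malware in.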

ESET has discovered malware that it describes as the biggest threat to critical infrastructure since Stuxnet (the malicious worm responsible for causing substantial damage to Iran's nuclear program). The new malware is named Industroyer and, as the name suggests, was designed to disrupt critical industrial processes. The original blog post can be found here and the accompanying whitepaper can be read here.

Commenting on the news is Andrew Clarke, EMEA Director at One Identity. He says: "There is no doubt that malware has progressively become more sophisticated. The latest variant to grab the headlines, “Industroyer” (or Crash Override, as it is also known), seems to be a big leap forward. Unlike Stuxnet, it does not appear to be built for a specific attack; it is modular, automated and appears to be configurable to target different types of industrial systems, so far electrical power grids. It was likely used to close down the power grid in parts of Kiev, Ukraine in December 2016. In order to launch an attack, however, the malware does need to scan the target network; and it is the scanning, seen as unusual network traffic, that can alert administrators to its presence.

The big question is how the malware gets onto the network in the first place. It is likely that it is taking advantage of vulnerabilities that have existed for some time; as is typical in operational industrial systems, since a system provides a specific function it doesn't need to be modified, apart from the fact that those vulnerabilities are like an unlocked door. Attention to those systems is needed, specifically looking at what external access is possible and then closing down that access, or at least ensuring the access is only permitted for authorised and authenticated personnel/systems.

Often there are hardcoded passwords in complex systems which are needed for fast interaction; using tools that control application-to-application privileged password usage, these can be replaced by programmatic calls that access a privileged password safe. There is no doubt that in our modern interconnected world, the traditional control systems that our society has relied on for so long are in much need of a cyber security upgrade!"
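Clarke's point that the scanning stage is what gives the malware away is worth making concrete. The following is an added example, not code from the article, ESET or One Identity, of a simple scan detector run over constructed connection-log lines. The one-line-per-connection log format, the host addresses, the window and the threshold are assumptions; the port list covers the ICS protocols named in ESET's public analysis (IEC 60870-5-104 on 2404, IEC 61850 MMS on 102, OPC DA over DCOM on 135) plus Modbus/TCP on 502, so the detector is a little more general than the electrical-grid case the quote describes. The idea is to count distinct (destination, port) targets per source inside a sliding window: a polling HMI talks to a few RTUs on one port all day, whereas a reconnaissance tool walks the subnet.

```python
"""Flag hosts that touch many distinct ICS endpoints in a short window."""
import re
from collections import defaultdict
from datetime import datetime
from itertools import product
from typing import Dict, Iterable, List, Optional, Tuple

# TCP ports of protocols that appear in the public Industroyer analysis
# (IEC 60870-5-104, IEC 61850 MMS, OPC DA over DCOM) plus Modbus/TCP.
ICS_PORTS = {2404: "IEC-104", 102: "MMS", 135: "DCOM", 502: "Modbus"}

# Assumed log format (constructed for this example, not a real product's).
LINE_RE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

Event = Tuple[datetime, str, str, int]   # (timestamp, src, dst, dport)


def parse_line(line: str) -> Optional[Event]:
    m = LINE_RE.search(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_scanners(lines: Iterable[str], window_s: int = 60, min_targets: int = 8) -> Dict[str, dict]:
    """Return {src: {"targets": n, "protocols": [...]}} for every source that
    contacted at least min_targets distinct (dst, dport) pairs within window_s."""
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for ev in sorted(filter(None, map(parse_line, lines))):   # sorted by time
        by_src[ev[1]].append(ev)

    alerts: Dict[str, dict] = {}
    for src, evs in by_src.items():
        lo = 0
        for hi in range(len(evs)):
            # slide the window's left edge until it spans at most window_s seconds
            while (evs[hi][0] - evs[lo][0]).total_seconds() > window_s:
                lo += 1
            targets = {(dst, port) for _, _, dst, port in evs[lo:hi + 1]}
            if len(targets) >= min_targets and len(targets) > alerts.get(src, {}).get("targets", 0):
                protos = sorted({ICS_PORTS[p] for _, p in targets if p in ICS_PORTS})
                alerts[src] = {"targets": len(targets), "protocols": protos}
    return alerts


# Constructed sample: an HMI polling one RTU every 5 s, and a second host
# sweeping twelve substation devices on two ICS ports within 24 seconds.
SAMPLE_LOG = [
    f"2016-12-17T22:53:{5 * i:02d} src=10.20.5.10 dst=10.20.7.3 dport=2404" for i in range(12)
] + [
    f"2016-12-17T22:53:{i:02d} src=10.20.5.44 dst=10.20.7.{host} dport={port}"
    for i, (host, port) in enumerate(product(range(1, 13), (2404, 102)))
]

if __name__ == "__main__":
    for src, info in detect_scanners(SAMPLE_LOG).items():
        print(f"ALERT {src}: {info['targets']} distinct targets, protocols {info['protocols']}")
```

On a real control network the threshold should be set from a baseline of the legitimate engineering workstations and HMIs, which are the only hosts that should be talking to RTUs and relays at all; anything else reaching ICS ports is already worth a ticket, whatever the count, which is the access-restriction point Clarke makes above.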



Website : beachshore