© 2008-23 SmartData Collective. All Rights Reserved.

Malicious Tool Provides Attackers with a New Type of Zombies

SophieDavidson
Last updated: 2015/04/15 at 5:00 AM
7 Min Read
An interesting concept which has really emerged only lately – IoT, or “the Internet of Things” – has recently come into the scope of cyber criminals and internet security specialists.

The IoT is a vision, rather than an actual network. It’s the notion that with increasingly more devices empowered by communication facilities, those devices inevitably end up as entities in a network scheme.

Radio waves and cables have both been used to connect household devices (smart fridges, smartphone-controlled thermostats), animals (GPS trackers on pets, smart aquariums) and other autonomous technology (wind turbines, forest fire detection sensors).

Rarely are these devices connected only inside their own encapsulated conversation. Often, the engineering behind them has provisioned for control or monitoring coming from the world-wide web. There is even an HTML protocol for connecting with a coffee pot!

The merits of having trivial devices connected to each other and to the web are numerous: devices can coordinate with each other for better efficiency, they can be controlled, monitored or diagnosed remotely, they can have their firmware updated OTA (over the air), and so on.

Among the disadvantages, we can assume that whenever there’s a door, there’s a backdoor.

With the added complexity of such devices introducing bugs into operations that were never previously debugged, such as “boil water” or “report that we are short on milk”, some exploitation of those immature communication protocols is possible.

As a matter of fact, it has already happened.

Truly capable IoT devices usually employ the ARM CPU architecture. Until now, the peculiarity of ARM has kept cyber criminals at bay, with each ARM implementation relying on a bespoke operating system.

However, with the increased usage of ARM devices (ARM being the most sold architecture during 2014) and the standardization efforts by virtually all the main hardware and software players, the ground has become fertile for DDoS attackers to expand their attack capacity.

Not only are IoT devices themselves a target for attackers; a more dangerous breach exists that allows them to be recruited into the botnets that DDoS attackers accumulate to do their bidding.

Spike is a DDoS toolkit comprising a command center and infectious binaries. The command center is agnostic as to the type of binaries that report to it. The binaries themselves started as badly implemented, run-of-the-mill DDoS attacks (e.g., SYN floods). What makes the toolkit interesting is that it was “ported” from Linux to Windows and also to ARM.

An infection installs the binaries inside the IoT device; they then call back to the command center (the interface of which is in Chinese), and from there the operator can commandeer the device, telling it to send different DDoS attacks.

With billions of ARM devices currently in operation, the motivation of the developers of Spike is obvious: build up a botnet that can dwarf PC-based botnets by sheer numbers.

Additionally, as IoT devices are often autonomous and rarely involve the user in a conversational transaction, when they go out of line the user is not around to notice that something’s wrong, and the attack may proceed unnoticed for an extended amount of time. Spike-driven attacks have been known to reach hundreds of Gbps, requiring real heavy artillery to clean up the communication and prevent downtime.

There are already security measures available to the prudent administrator of IoT devices. Some of them are high-level, but all are worth searching the forums for precise instructions on how to implement them in a particular system:

1. ACL – Access Control List. If the manufacturer has neglected to specify by default which user is allowed to do what on each file or folder on the device, the owner has a due-diligence obligation to make sure that the root and system file structures are extremely picky about whom they grant read/write permissions. This ensures that the attacker can’t lodge the zombifying code on the device.

2. SNORT – for the layer-7 GET flood, an open source program such as Snort can be utilized with a rule in place that will block – and alert on – GET requests that fit the Spike signature.

3. System hardening – for ARM and IoT in general, have in mind the following top 10.

4. YARA rule – YARA is a format that allows identification – and sharing – of patterns found inside files. For Spike, this would be the payload files, which include a “Mr. Black” string, probably referring to the engineer’s name.
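As an added example that is not part of the original article or of any named tool, the script below scripts two of the checks above: a sliding-window detector for a layer-7 GET flood over access-log lines (item 2), and a file scan for the “Mr. Black” marker string the article attributes to Spike payloads (item 4). The log lines, payload bytes, one-second window and five-request threshold are constructed assumptions and must be tuned for a real deployment; only the marker string comes from the article.

```python
"""Added example (not from the original article): scripted versions of the
layer-7 GET-flood check and the payload marker check. All sample data,
the window and the threshold are constructed assumptions."""
import os
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-format access log pattern: source IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample, in time order: 203.0.113.7 requests "/" six times within
# two seconds, 198.51.100.2 browses at a normal pace, 203.0.113.9 sends one POST.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2015:05:00:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.2 - - [15/Apr/2015:05:00:01 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [15/Apr/2015:05:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [15/Apr/2015:05:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.9 - - [15/Apr/2015:05:00:02 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.7 - - [15/Apr/2015:05:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [15/Apr/2015:05:00:02 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [15/Apr/2015:05:00:02 +0000] "GET / HTTP/1.1" 200 512
198.51.100.2 - - [15/Apr/2015:05:00:03 +0000] "GET /style.css HTTP/1.1" 200 734
198.51.100.2 - - [15/Apr/2015:05:00:05 +0000] "GET /logo.png HTTP/1.1" 200 9001
"""


def parse_line(line):
    """Return (ip, timestamp, method, path) for one log line, or None if it
    does not match the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path")


def detect_get_flood(lines, window_seconds=1, max_gets=5):
    """Return the sorted list of source IPs that issued more than max_gets GET
    requests inside any window_seconds-long window. Lines are assumed to be in
    chronological order, as a normal access log is; other methods are ignored
    because the check targets the GET flood described in the article."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-IP timestamps of GETs still in the window
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, _path = parsed
        if method != "GET":
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > max_gets:
            flagged.add(ip)
    return sorted(flagged)


SPIKE_MARKER = b"Mr. Black"  # string the article reports inside Spike payload files


def scan_payloads(payloads):
    """Return the sorted names of payloads containing SPIKE_MARKER.
    This is the logic a one-string YARA rule expresses:
        strings: $mrblack = "Mr. Black"   condition: $mrblack"""
    return sorted(name for name, data in payloads.items() if SPIKE_MARKER in data)


def scan_directory(root):
    """Read every regular file under root and apply scan_payloads to it;
    unreadable files are skipped so one permission error does not stop the sweep."""
    payloads = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    payloads[path] = fh.read()
            except OSError:
                continue
    return scan_payloads(payloads)


# Constructed payload bytes: one ELF-like blob carrying the marker, two benign files.
SAMPLE_PAYLOADS = {
    "spike_arm_bin": b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 16 + b"Mr. Black" + b"\x00" * 8,
    "busybox": b"\x7fELF\x01\x01\x01\x00" + b"BusyBox v1.22 multi-call binary",
    "notes.txt": b"remember to restock milk",
}

if __name__ == "__main__":
    print("GET flood sources:", detect_get_flood(SAMPLE_LOG.splitlines()))
    print("payloads with marker:", scan_payloads(SAMPLE_PAYLOADS))
```

The window and threshold here are deliberately small so the constructed sample trips them; in production they should be set from the device’s normal request rate, and the marker scan should be run over the device’s writable file systems (the same locations item 1 asks you to lock down), since a stripped static binary may carry nothing else recognisable.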

To put things in perspective, IoT platforms as launching pads for DDoS attacks still do not represent a large share of the threat landscape. Only a handful of attacks have been conducted via Spike, although some of them were quite significant; the rest are carried out via regular x86-architecture botnets.

Apparently, the addition of embedded devices into the attack vectors is not a shift towards these devices being used exclusively instead of the traditional zombie computers. It is simply one more formidable weapon in the arsenal of Internet perpetrators, contributing to their total attack capacity and explaining at least some of the steep increase in the Gbps that attackers deliver on each assault.
