Malware Samples Targeting Internet of Things Devices Soar

There was a dramatic rise in malware samples targeting Internet of Things devices, according to a new report by Kaspersky Lab.

In fact, the security firm found three times as many malware samples in the first half of 2018 as in all of 2017. Last year, there were ten times more malware samples targeting Internet of Things devices than in 2016. “That doesn’t bode well for the years ahead,” the researchers observed.

Kaspersky Lab set up honeypots to catch cybercriminals in the act. What it found was that one of the most popular attack and infection vectors was cracking Telnet passwords.

Surprisingly, Brazil was the top country from which Telnet password attacks originated. Perennial favorite Russia only finished fourth, behind China and Japan. Better luck next time, Vlad.

Once the criminals crack the Telnet password, their favorite malware to download is Mirai.

For the first six months of 2018, the Telnet honeypot registered more than 12 million attacks from 86,560 unique IP addresses. Malware was downloaded from 27,693 unique IP addresses.
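As an added example, not part of the Kaspersky report or this article: a short Python script that turns Telnet honeypot log lines into the kind of figures the report cites (attempts, unique attacking sources, distinct malware download hosts) and flags sources that repeatedly guess passwords. The log format and the sample lines are constructed for the example; the addresses are documentation ranges, not real indicators.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample lines in a hypothetical honeypot format (not Kaspersky's):
# <timestamp> telnet <source_ip> login <user>/<password> <FAIL|SUCCESS> [download=<url>]
SAMPLE_LOG = """\
2018-03-01T10:00:01Z telnet 203.0.113.7 login root/xc3511 FAIL
2018-03-01T10:00:02Z telnet 203.0.113.7 login admin/admin FAIL
2018-03-01T10:00:03Z telnet 203.0.113.7 login root/vizxv FAIL
2018-03-01T10:00:04Z telnet 203.0.113.7 login root/admin SUCCESS download=http://198.51.100.9/mirai.arm7
2018-03-01T10:01:00Z telnet 198.51.100.23 login root/1234 FAIL
2018-03-01T10:02:10Z telnet 192.0.2.45 login admin/password SUCCESS download=http://203.0.113.200/bins.sh
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnet (?P<src>\S+) login (?P<user>[^/]+)/(?P<pw>\S+) "
    r"(?P<result>FAIL|SUCCESS)(?: download=(?P<url>\S+))?$"
)


def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())  # 'url' is None when nothing was fetched
    return events


def summarize(events, brute_force_threshold=3):
    """Aggregate the same kinds of figures the report quotes for its honeypot."""
    per_src = Counter(e["src"] for e in events)
    # Hosts the malware was fetched from (the report counts these as well).
    download_hosts = {urlparse(e["url"]).hostname for e in events if e["url"]}
    # A source that keeps trying credentials is a password-cracking attempt.
    brute = sorted(src for src, n in per_src.items() if n >= brute_force_threshold)
    return {
        "attempts": len(events),
        "unique_sources": len(per_src),
        "successful_logins": sum(e["result"] == "SUCCESS" for e in events),
        "download_hosts": len(download_hosts),
        "brute_force_sources": brute,
        "top_credentials": Counter((e["user"], e["pw"]) for e in events).most_common(2),
    }


if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)))
```

The same aggregation applies to real honeypot or device syslog output once the regular expression is adapted to its format.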

Reaper Botnet Infects Internet of Things

An alternative vector to Telnet password cracking is the Reaper botnet. By the end of 2017 it controlled about two million Internet of Things devices. Instead of targeting Telnet passwords, this botnet attacks known software vulnerabilities.

With the Reaper botnet, infections occur faster. And it is much harder to patch a software vulnerability than change a password.

“Although this method is more difficult to implement, it found favor with many virus writers,” the researchers wrote.

Infected devices that attacked Kaspersky’s honeypots included MikroTik, TP-Link, SonicWall, AVTech, Vigor, Ubiquiti, D-Link, Cisco, AirTies, Cyberoam, HikVision, ZTE, and Miele.

“Malware for smart devices is increasing not only in quantity, but also quality. More and more exploits are being weaponized by cybercriminals, and infected devices are used to steal personal data and mine cryptocurrencies, on top of traditional DDoS attacks,” the researchers concluded.

Smart Irrigation System Botnets Threaten Public Water Supply


Smart irrigation system vulnerabilities could pose risks to the public water supply, warned researchers from Israel-based Ben-Gurion University of the Negev.

The researchers found that attackers could employ a botnet of smart irrigation systems used by city and local governments to remotely turn watering systems on and off at will. This would enable attackers to empty public water supplies held in towers and reservoirs.

The researchers demonstrated how a bot running on a compromised device can detect a smart irrigation system connected to its local area network in less than 15 minutes. The bot can turn on watering of each smart irrigation system using a set of session hijacking and replay attacks.

“By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty a flood water reservoir overnight,” said Ben Nassi, one of the researchers who conducted the study.

The researchers examined three popular smart irrigation systems: GreenIQ, BlueSpray, and RainMachine. “We have notified the companies to alert them of the security gaps so they can upgrade their smart irrigation system’s firmware,” said Nassi.

“Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers,” he added.

Countermeasures to Stop Attacks

For countermeasures, organizations running these smart irrigation systems should consider monitoring for unusual water consumption in urban water services. Once unusual activity is detected, the organizations can stop the water distribution. Unfortunately, this also prevents people from getting water, so it is not a long-term solution.

The organizations can also upgrade their communications from HTTP to HTTPS. This would prevent attackers from spoofing TCP packets.

Finally, organizations can disable SSH, because it is not needed to communicate with a smart irrigation system when a cloud service serves as a mediator. This prevents attackers from executing code on a smart irrigation system by detecting weak passwords, the researchers concluded.