Honeypots: Researchers analyse attacks on IoT systems

18. January, 2022


The number of small, intelligent devices and systems (“Internet of Things”) is increasing inexorably. Most of the new services come with an extra network connection and “smart” features – cameras, lighting, access systems, displays, motion sensors, speakers, thermostats and more.

It is estimated that by 2025, more than 40 billion smart devices will be connected to the Internet, offering a variety of distributed computing capabilities. The massive spread of a wide variety of end devices with an unmanageable number of software variants and versions represents an immense security risk.

Threats range from simple scenarios such as misuse for crypto mining or as part of denial-of-service attacks to permanent backdoors for unauthorised remote access. An analysis of the preferred types of attack should help to identify suitable defensive measures.

IoT research projects in the USA and Austria

A project at the University of Florida in collaboration with NIST (National Institute of Standards and Technology) simulated different IoT systems over three years and evaluated more than 22 million attacks.[1]

A similar project is also nearing completion in Austria. Under the leadership of SBA Research, results are expected to be available by June 2022. The aim of “AutoHoney (I) IoT” is to achieve a sustainable improvement in the cybersecurity of small distributed systems.[2]

Both projects use so-called “honeypots”, virtual images of real systems that are modified and placed so that they can be found. All attackers’ steps can be closely monitored, and the methods and tools used can be analysed. The insights gained directly contribute to better protection of productive systems.

Patterns in the attackers’ actions are visible

The already completed project in the USA shows recognisable patterns in the approach and objectives of the attackers. Most attacks start with mass scans for open ports and targeted commands to disable the firewall. Other common commands are executed to collect information about the hardware. The most frequently tried password combination to access IoT devices was “admin” / “1234”, suggesting that these credentials often succeed.

The most commonly used malware on IoT systems includes crypto miners, which misuse the computing power of the target system to mine cryptocurrencies for the attackers, and botnet clients, which integrate the IoT device into a worldwide, externally controlled network such as Mirai, for example to carry out denial-of-service attacks on command. The use of viruses, droppers, Trojans and rootkits was also observed.

How to better secure IoT systems?

Companies and private operators should always keep an up-to-date overview of which “smart” systems are present and active in their network. With a few simple steps, it is possible to improve the security of these devices:

  • Change the default user and assign an individual, strong password
  • Use a separate, isolated network for IoT devices
  • Install available firmware or other security updates as soon as possible
  • Actively monitor your IoT devices and watch for signs of misuse
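
As an added illustration of the monitoring step (not code from either research project or from IKARUS), the sketch below scans a device or honeypot session log for the patterns described above: default-credential logins, firewall-disabling commands and hardware enumeration. The log format, the sample lines and the indicator lists are constructed assumptions; only the “admin” / “1234” pair comes from the article.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format): timestamp, source IP, event, detail.
SAMPLE_LOG = """\
2022-01-10T03:14:07Z 203.0.113.5 login admin:1234
2022-01-10T03:14:09Z 203.0.113.5 cmd iptables -F
2022-01-10T03:14:10Z 203.0.113.5 cmd cat /proc/cpuinfo
2022-01-10T03:15:42Z 198.51.100.23 login operator:Xk9!vTq27pL
2022-01-10T03:15:50Z 198.51.100.23 cmd uptime
2022-01-10T03:16:01Z 192.0.2.77 login root:root
2022-01-10T03:16:02Z 192.0.2.77 cmd systemctl stop firewalld
"""

# Assumed indicator lists; extend them for the devices actually deployed.
DEFAULT_CREDS = {("admin", "1234"), ("admin", "admin"), ("root", "root")}
FIREWALL_TAMPER = re.compile(
    r"iptables\s+(-F|--flush)|ufw\s+disable|"
    r"systemctl\s+(stop|disable)\s+firewalld|service\s+iptables\s+stop")
HW_RECON = re.compile(r"/proc/(cpuinfo|meminfo)|\buname\s+-a\b|\blscpu\b")

def analyse(log_text):
    """Return {source_ip: set of matched pattern names} for one log."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # skip malformed lines instead of failing
        _ts, ip, event, detail = parts
        if event == "login":
            user, _, password = detail.partition(":")
            if (user, password) in DEFAULT_CREDS:
                hits[ip].add("default_credentials")
        elif event == "cmd":
            if FIREWALL_TAMPER.search(detail):
                hits[ip].add("firewall_tamper")
            if HW_RECON.search(detail):
                hits[ip].add("hardware_recon")
    return dict(hits)

def alerts(hits, threshold=2):
    """Source IPs that matched at least `threshold` distinct patterns."""
    return sorted(ip for ip, tags in hits.items() if len(tags) >= threshold)

if __name__ == "__main__":
    for ip in alerts(analyse(SAMPLE_LOG)):
        print("review session from", ip)
```

Requiring two distinct patterns per source keeps a single mistyped login or a routine diagnostic command from raising an alert on its own.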

In the operating environment, monitoring networks and communication relationships and detecting vulnerabilities and anomalies via passive sensors are state-of-the-art. IKARUS customers can access market-leading technologies from Nozomi Networks: they get all the information they need to ensure security, minimise risks and respond quickly to anomalies.

Source:
