Newsletter 12/26/2021
The IoT Mess: Or, What Does a Hacker Want With My Cable Box, Anyway?
One specific answer to that question is DDoS amplification: DDoS, as in Distributed Denial of Service attack; and amplification, as in making an electronic signal bigger in volume. Yes, friends, a hacker can turn your cable box, or just about any device that we would not, at first, think of as being Internet connected, into just another tube in that great virtual Marshall 100-watt stack in cyberspace.

Out of over half a billion IoT device transactions, 553 different devices from 212 manufacturers were identified, 65 percent of which fell into three categories: set-top boxes (29 percent), smart TVs (20 percent), and smartwatches (15 percent). Of particular concern is that vast numbers of the IoT devices associated with health care are also vulnerable devices. "Depending on who you ask, in the U.S. there are, on average, either a handful or between 10 to 15 connected devices per bed and keeping an eye on them is difficult."
"Our data shows that hospitals on average have lost track of 30% of their networked medical devices, making it much harder to protect them against hackers. This is particularly concerning because some 61% of all medical devices on a hospital network are at cyber risk and can be compromised by malicious attackers seeking to steal data, harm patients or ransomware," says Motti Sorani, CTO of medical cybersecurity provider CyberMDX.

The takedown of the Emotet malware early in 2021 gave security researchers a clearer insight into the extent to which IoT devices were under the command and control (C&C) of Emotet. Although the takedown of Emotet "appeared to have a major impact as well, contributing to a large-scale reduction in botnet agents," security researchers have now turned their eyes to the Mozi malware. The latest large-scale malware of choice for recruiting botnets to use in DDoS attacks, Mozi has a particular appetite for IoT devices. The malware leverages known Common Vulnerabilities and Exposures (CVEs) to infect DVRs, network gateways and other connected devices, then uses peer-to-peer connectivity to send and receive configuration updates and attack commands. Mozi also has a voracious appetite for networking devices. Since 2019, Mozi has attacked and infected "network gateways manufactured by Netgear, Huawei, and ZTE."
"Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat Intelligence Center and Section 52 at Azure Defender for IoT said in a technical write-up. "By infecting routers, they can perform man-in-the-middle (MITM) attacks—via HTTP hijacking and DNS spoofing—to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities."
All of this cyber carnage is exacerbated by the ability of the botnet to use its nodes to amplify its attacks. This is especially so in the case of DDoS attacks.

"A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic." If the attack is on an Internet-connected server, this fake traffic overwhelms the attacked server. Thus, the attacked server is taken offline. And your doctor can no longer remotely access your heart monitor. Maybe the hospital cannot even read the malfunctioning monitor.

"Real-world repercussions are many: hospital shutdowns, compromised patient care, regulatory infractions, potential lawsuits and the loss of a hospital's good reputation."