IoT devices as an attack vector

Presentation on theme: "IoT devices as an attack vector"— Presentation transcript:

1 IoT devices as an attack vector
Mirai, Kami and other new malware
Igal Zeifman, Dima Bekerman, Ben Herzberg (Imperva); Chuck McAuley (IXIA)
ALAS Research Group, December 2nd 2016

2 Motivation
Source: (figure not preserved in the transcript)

3 Motivation: DDoS Attacks in Q3 2016
67 countries targeted: 62.6% of the targets are in China, 18.7% in the US, 8.7% in South Korea
China accounts for 72.6% of the attacks
Linux botnets account for 78.8% of the attacks
Large-scale attacks (Krebs/Akamai, OVH, Dyn):
  Krebs, Sept 20 – 620 Gbps
  OVH, Sept 22 – 799 Gbps
  Dyn, Oct – [figure missing] Tbps (largest attack ever)

4 Main Culprit: Mirai Botnet
Written in C / Go; cross-compiles across 18 different architectures without problem
Two families of botnets: default credentials; SOAP vulnerability
Signature detected in many attacks:
  DDoS on Krebs, OVH, Dyn (Strain 1)
  DDoS against Liberia, Deutsche Telekom routers (Strain 2)

5 Geographic Location

6 Propagation and Attack Patterns
Propagation patterns:
  Wide-range IP scans
  Dictionary attacks against a list of default passwords
  Usually executes its payload from /tmp
Attack patterns:
  HTTP, GRE, SYN, ACK, STOMP*, DNS, UDP floods
  Uses spoofed user-agents
  Can circumvent classic security solutions
  Can bypass DDoS protection tools
* STOMP: Simple (or Streaming) Text Oriented Message Protocol

7 Attack Patterns (Cont’d)
"Don't mess with" list: IPs to avoid scanning (DoD, USPS, GE, HP)
Kills extra services
Kills competing malware

8 Command and Control
Control server written in Go, using Go optimizations for performance
Listens on port 23 and port 101:
  Port 23: control + Telnet admin console
  Port 101: management API

9 Command and Control: Initial Conx

10 Command and Control: Heartbeat
Bot -> Server, then Server -> Bot, every 60 seconds
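Added example, not from the deck: a Python detection sketch that looks for the heartbeat pattern this slide describes in constructed flow records, flagging conversations to port 23 or 101 that recur at a stable interval of about 60 seconds. The addresses, timestamps, tolerance and minimum flow count are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not from the deck): (epoch_seconds, src, dst, dst_port)
FLOWS = [
    # infected device 10.0.0.5 beaconing to a hypothetical C&C on port 23 (~60 s apart)
    (1000, "10.0.0.5", "203.0.113.10", 23),
    (1060, "10.0.0.5", "203.0.113.10", 23),
    (1121, "10.0.0.5", "203.0.113.10", 23),
    (1180, "10.0.0.5", "203.0.113.10", 23),
    (1239, "10.0.0.5", "203.0.113.10", 23),
    (1300, "10.0.0.5", "203.0.113.10", 23),
    # same device, ordinary web traffic at irregular intervals: not a beacon
    (1005, "10.0.0.5", "198.51.100.1", 443),
    (1011, "10.0.0.5", "198.51.100.1", 443),
    (1090, "10.0.0.5", "198.51.100.1", 443),
    (1095, "10.0.0.5", "198.51.100.1", 443),
    (1400, "10.0.0.5", "198.51.100.1", 443),
    # an admin's short interactive Telnet session: few, irregular flows
    (1010, "10.0.0.7", "10.0.0.1", 23),
    (1900, "10.0.0.7", "10.0.0.1", 23),
    (1903, "10.0.0.7", "10.0.0.1", 23),
]

CNC_PORTS = {23, 101}  # the ports the deck lists for the Mirai control server

def detect_beacons(flows, period=60.0, tolerance=5.0, min_flows=4, ports=CNC_PORTS):
    """Return [(src, dst, port, n_flows, mean_gap)] for conversations to a C&C port
    whose consecutive flows recur at a near-constant ~period seconds."""
    by_conv = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in ports:
            by_conv[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, dport), stamps in by_conv.items():
        if len(stamps) < min_flows:
            continue  # too few samples to call the conversation periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = float(mean(gaps))
        # a heartbeat has a stable period: mean near `period` and little spread
        if abs(avg - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits.append((src, dst, dport, len(stamps), round(avg, 1)))
    return hits

if __name__ == "__main__":
    for hit in detect_beacons(FLOWS):
        print("possible C&C heartbeat:", hit)
```

On real flow data the same logic applies per (source, destination, port) conversation; widen `tolerance` if the sensor's timestamps are coarse.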

11 Command and Control: Attack Inst.

12 Command and Control: Attack Inst.

13 Command and Control: Attack Inst.

14 Kami and r0_bot
Share some similar patterns with Mirai:
  Nest themselves into hidden folders
  Propagate through IP scanning / default credentials
  Attack patterns unknown (dormant malware)

15 Solutions
In case of read/write Linux subsystems:
  Change the passwords from default
  Reboot your device
In case of read-only Linux subsystems:
  Depends on the manufacturer's patch
  Community-patched firmware (if possible)
Disable Telnet
Better IoT device design (standardization?)
Better DDoS mitigation tools
Academic research?

