delivery method to get the victim to download and run the malware sample. These exploitation techniques are preconfigured and are located in a memory location that is digitally signed to prevent tampering. This list can be updated remotely and propagated among infected hosts."

The samples identified in Bitdefender's honeypots in early January revolved around IP cameras manufactured by a Korean company. "These devices seemed to play a major role in the botnet, as, out of the 12 IP addresses hardcoded in the sample, 10 used to belong to Focus H&S devices. The new version, observed on January 20, dropped the hardcoded IPs."

Like other IoT bots, the newly discovered HNS bot cannot achieve persistence and a reboot would bring the compromised device back to its clean state. It is the second known IoT botnet to date, after the notorious Hajime botnet, that has a decentralised, peer-to-peer architecture.

"However, if in the case of Hajime, the p2p functionality was based on the BitTorrent protocol. Here, we have a custom-built p2p communication mechanism. The bot opens a random port on the victim and adds firewall rules to allow inbound traffic for the port. It then listens for connections on the open port and only accepts the specific commands described below. Our initial look at the sample revealed an elliptic curve key inside the file that is used to authenticate the command which updates the memory zone where configuration settings are stored, to prevent infiltration or poisoning attempts against the botnet."

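The behaviour quoted above (a random listening port plus a firewall rule allowing inbound traffic to it) leaves a signature that can be checked on a live device, which matters because a reboot clears the bot. The following is an added example, not code from Bitdefender or the article; it assumes a Linux-based camera with `iptables -S INPUT` and `ss -H -lntup` style output, and the sample data, process names and baseline are constructed.

```python
import re

# Constructed sample data (not from the article), in the style of
# `iptables -S INPUT` and `ss -H -lntup` captured from an IP camera.
IPTABLES_S = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 554 -j ACCEPT
-A INPUT -p udp -m udp --dport 41873 -j ACCEPT
"""
SS_LISTEN = """\
tcp LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=412,fd=3))
tcp LISTEN 0 16 0.0.0.0:554 0.0.0.0:* users:(("rtspd",pid=430,fd=5))
udp UNCONN 0 0 0.0.0.0:41873 0.0.0.0:* users:(("a1b2",pid=977,fd=4))
"""
# Assumed baseline: the services this device model is expected to expose.
BASELINE = {("tcp", 80): "httpd", ("tcp", 554): "rtspd"}

RULE_RE = re.compile(r"^-A INPUT\b.*-p (tcp|udp)\b.*--dport (\d+)\b.*-j ACCEPT")
SOCK_RE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def allowed_ports(rules):
    """Return {(proto, port)} for every single-port inbound ACCEPT rule."""
    found = set()
    for line in rules.splitlines():
        m = RULE_RE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def listeners(ss_output):
    """Return {(proto, port): process_name} for every listening socket."""
    socks = {}
    for line in ss_output.splitlines():
        m = SOCK_RE.match(line)
        if m:
            socks[(m.group(1), int(m.group(2)))] = m.group(3)
    return socks

def suspicious(rules, ss_output, baseline):
    """Ports that are firewall-allowed AND listening, but not the baseline
    service: the combination the quoted description attributes to the bot."""
    socks = listeners(ss_output)
    hits = []
    for key in sorted(allowed_ports(rules)):
        proc = socks.get(key)
        if proc is not None and baseline.get(key) != proc:
            hits.append((key[0], key[1], proc))
    return hits

if __name__ == "__main__":
    for proto, port, proc in suspicious(IPTABLES_S, SS_LISTEN, BASELINE):
        print(f"unexpected allowed listener: {proto}/{port} owned by {proc}")
```
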
CHATBOT MENACE

Meanwhile, a warning has been issued about another kind of 'bot' - Chatbots. According to security expert BOHH Labs, they can also pose a serious security threat. "Chatbots are quickly becoming the interface of choice for many organisations. In fact, a recent survey conducted by Oracle revealed that 80 per cent of businesses want chatbots by 2020. While the advances in Artificial Intelligence (AI) and mobile technology have created a new set of tools for brands to communicate with, the technology itself has yet to reach a mature state and is consequently strongly vulnerable to cyberattacks," cautions Simon Bain, cybersecurity expert and CEO, BOHH Labs.

Current bot solutions are not entirely secure and can create open passages for cyber criminals to access the data flowing through a chatbot's interface. In essence, this gives cyber attackers direct access to an organisation's network, applications and databases.

As Bain explains: "While bot technology has improved drastically in recent years, for maximum security, chatbot communication should be encrypted and chatbots should be deployed only on encrypted channels. This can be easily set up on an organisation's own website; but, for brands that use chatbots through third-party platforms such as Facebook, the security features are decided by the third party's own security branch, which means the organisation does not have as much control over the security features on the chatbot. Until public platforms offer end-to-end encryption in their chatbots, businesses should remain cautious."

One of the biggest advantages in using chatbots is that they are a cheaper solution to customer service. They can serve and reach customers in a way that would otherwise require a tremendous amount of time and resources. This is an area where chatbots are gaining momentum, but instead of bots replacing entire customer service teams, organisations are working with them in tandem, in order to improve customer satisfaction.

Caption: Bogdan Botezatu, Bitdefender: the bot can perform web exploitation against devices via the same exploit as Reaper.

However, as chatbots seek to collect information from users, the information that is stored and the metadata must be properly secured. "When running a chatbot, organisations must consider how the information is stored, how long it's stored for, how it's used and who has access to it," Bain says. "This is especially important for highly regulated industries, such as finance, that will deal with sensitive customer information."

While there are clear advantages to integrating chatbot technology as a new communication tool, if companies aren't made aware of the potential security risks, confidential data will be accessible by any determined hacker. "Additionally, attackers may be able to repurpose chatbots to harvest sensitive data from unsuspecting customers," he concludes.

www.computingsecurity.co.uk @CSMagAndAwards March/April 2018 computing security<br />