Cyber Security and IoT

Malware
Malware is software designed to
infiltrate and damage, control or
disable electronics systems, including
IoT devices. This can come in many
forms including viruses, worms,
trojans, ransomware, rootkit, spyware,
adware and keyloggers. Malware can
be used to form collectives of ‘bots’
(Botnets) for performing automated
malicious attacks (see sub-section
below). According to cyber security
solutions company McAfee, in the
last year there has been a rise of
203% in IoT malware in the form of
‘cryptominers’ that hijack devices
for mining cryptocurrency which
is currently seen as a more lucrative
business than ransomware.
In December 2015, a regional
electricity distribution company in
Ukraine was attacked. The SCADA
system controlling, and monitoring
power distribution was targeted,
enabling the attacker to switch off
several substations. To obtain initial
access to the company systems,
malware was delivered by email. Two
additional power companies were
also attacked resulting in 225,000
customers losing power for several
hours.
DDoS
Distributed Denial-of-
Service (DDoS)
DDoS involves an attacker gaining
access into a large number of
distributed IoT devices. When access
has been obtained, the attacker gains
control of the devices (usually by
installing malware), turning each of
the devices into what is called a ‘Bot’
or Zombie. The attacker can then
instruct a group of ‘Bots’ to act as a
‘Botnet’ to send requests to target
internet addresses, such as cloud
service providers. The significant
amount of internet traffic generated
reduces the capacity or prevents
the target from servicing other valid
users. This can also stop each of
the IoT ‘Bot’ devices functioning as
originally intended.
An example of this is the 2016 Mirai
Botnet. Several high-profile attacks
happened that year, including an attack
on Dyn, an internet infrastructure
company. The attack prevented users
from accessing social media accounts
and other popular websites in the US
and Europe. Mirai was one of the first
pieces of software to enable largescale
DDoS attacks. Mirai scans internet
addresses to find devices, e.g., digital
video recorders and CCTV cameras,
with unsafe, easy to guess, default
usernames and passwords; then it logsin
and configures the devices to send
data to an online target. With enough of
these devices or ‘bots’ sending data, the
online target is overloaded with requests
from ‘bots’ and is unable to accept
requests from legitimate users. More
than 100,000 devices were thought
to have been targeted, taken over, and
used in this attack.
Man-in-middle attacks
This describes where someone
intercepts communications between
IoT devices and/or other Internetconnected
systems. The attacker
poses as the original sender of the
data. This allows eavesdropping and
the ability to send data to and receive
data from the IoT devices undetected,
enabling manipulation of the IoT
devices and connected systems.
Cloud system and data
centre attacks
Cloud system and data centre attacks
can be performed in several ways
by targeting parts of the system
architecture. This may include
attacking the web server function
used to provide IoT dashboards
(displaying data from the IoT devices
or providing centralised control of IoT
devices), or attacking the database
systems used to store gathered IoT
data. As many IoT devices rely on a
cloud system to function correctly,
as part of the overall IoT solution, this
may render the IoT incapacitated or
severely limit the ability for the IoT
devices to function.
IoT attack
surface
IoT
device
Man-in-the-middle
Comms.
network
infrastructure
Man-in-the-middle
Cloud providers
Malware, exploits, poor system configuration and physical attack (Arrows show direction of attack/target)
8