
IoT ransomware is more dangerous than “traditional” malware



Ransomware, malware used for extortion, has become one of the most serious cyber threats this year. Today everyone, from ordinary users to corporations and government organizations, is trying to protect themselves from file-encrypting software. However, we are ignoring the beginning of the next wave of ransomware attacks, which are aimed not at files but at the devices connected to the Internet of Things. That wave could be far more dangerous and costly, given the ubiquitous and extremely diverse nature of IoT.

IoT malware has been discussed online and at conferences for some time, but so far it has not been considered a serious threat because it was judged by the same criteria as “traditional” ransomware. There are, however, a number of differences that can make IoT malware even more dangerous than the file-encrypting code we already know.


IoT malware does not hold your data hostage


Well-known crypto-ransomware such as CryptoLocker and CTB-Locker searches infected machines for important files and locks them. Its main strength, apart from the anonymity of its authors, is irreversibility: victims are forced either to pay for the decryption key or to say goodbye to their files (unless they took precautions in advance). Files and important data are usually assumed to have a monetary value, which is what attracts ransomware operators. Devices on the Internet of Things, however, hold either no data at all or very little. So, by that logic, ransomware attacks on them are not interesting from a profit standpoint, right? Wrong.

Instead of “just” locking files, IoT malware can take control of real systems outside the computer. Because IoT technology is purely applied in nature, malware can immobilize cars, turn off electricity, and stop production lines. Such programs can do far more harm, so attackers can demand far larger sums, which greatly increases the attractiveness of the new “market”. One could argue that a compromised IoT device can be “rolled back” by a simple reboot. However, the incentive to pay comes not from irreversibility but from the bad timing of the attack, the criticality of the system, and the potential losses from losing control over it, even for a short time.



As the Internet of Things expands the capabilities of life support devices (such as cardiac pacemakers or drug injectors) and industrial systems (power grids, pumping stations), the financial gain from locking IoT infrastructure, and the damage from late unlocking, will grow exponentially. Encrypting data on computers is one thing; turning off power grids, cars, or traffic control systems is quite another. Whole cities and even regions may suffer. Organizations that use the Internet of Things in industrial control systems are most at risk. This includes power plants, hospitals, and large automated production facilities.

The consumer IoT device industry can still wait


The possibility of attacks on consumer-grade IoT devices, including smart homes and offices, networked (and soon autonomous) cars, and wearable gadgets, has already been proven.



In August 2016, researchers from Pen Test Partners showed how malware can take control of a network-connected thermostat and set it to raise the room temperature to the maximum, forcing the owner to pay to unlock it.

Chris Young, senior vice president of Intel Security, described in an interview with Bloomberg how malware can affect transport. “Suppose in the morning you got into a car connected to the network — or offline — and suddenly the message appeared on the screen: ‘If you pay $300, let me get to work today.’” Today this is not yet possible, but given the pace of technology the scenario no longer looks far-fetched.

Malware can steal sensitive data and private information sent to the cloud, for example video from network-connected home cameras or data from fitness gadgets and life support devices. The attackers can then blackmail people by threatening to publish sensitive or damaging information.

It is too early to call the malware threat to smart homes and networked cars inevitable, even though consumer-grade devices often have serious security problems. It is precisely the heterogeneity of applications and devices, created by thousands of manufacturers, that makes it hard to deploy malware at scale.



Today the IoT industry is highly fragmented: there are practically no standard approaches, operating systems, or communication systems. Mass centralized attacks are therefore very difficult to carry out. Each attack has to be tailored to a specific type of IoT device, which reduces the number of potential victims that can be hit at once.

We can conclude that, for now, the payoff from attacks on consumer-grade devices is still small. That will change in the future as the Internet of Things makes its way further into homes and offices.

In the industrial IoT segment, it's time to sound the alarm


The picture is completely different for industrial IoT systems. They are already very attractive targets for ransomware. This covers any critical systems that affect the lives of thousands or millions of people and are extremely expensive to operate. This year, for example, a number of hospitals in the United States were hit by a series of ransomware attacks. Because file systems in their offices were locked, many workflows came to a halt. What if the Internet of Things had been widely deployed in those hospitals, including in critical departments?

If a hospital's IoT system is compromised, patients' health is put at risk. For criminals, the value of a life pales next to the size of the ransom. There is a high probability that hospitals will pay at the first demand, because they will need time to restore their defensive perimeter. Attacks on production facilities can follow a similar scenario: if downtime means huge losses, the owners will almost certainly agree to pay the attackers to limit the damage.

Another important target for IoT malware is the power grid and power plants. The 2003 accident perfectly illustrates their role in the modern world. Although the cause was not a cyber attack, software contributed to it. More than 55 million people found themselves in the zone of catastrophic power failure, and the damage amounted to about $6 billion. Thirteen years ago it took a number of unfortunate coincidences and software bugs to produce such consequences, but attackers could do the same if they stand to profit from it. Will energy companies pay the extortionists? Politicians? Big business?

How to make IoT systems more resistant to ransomware


There is no absolute solution, nor a universal one. But many experts believe that following certain general recommendations and methodologies can help organizations and manufacturers improve their protection against malware.

One of the key points is the ability to update device firmware remotely. Security is a journey, not a destination, because no device will stay secure forever. Updating firmware should therefore be a simple, effective, and secure process. The last of these is especially important, since insecure update channels can themselves become a source of infection. Time-tested measures exist to protect against this, for example locking the processor and firmware and encrypting the communication channels between devices. In addition, a robust update channel helps to recover IoT components that have already been compromised.



Another important security measure is a strong authentication mechanism. Today there are cases where devices connect to the Internet of Things with no authentication at all, which opens the way for spoofing. If the lack of authentication becomes widespread, it will be possible to disable millions of devices, and that will be a problem not for the manufacturers but for the people who bought these gadgets. Spoofing is especially dangerous when the compromised machine is a server with millions of devices connected to it.
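
One way to close the unauthenticated-connection gap described above is a challenge-response check between gateway and device. This is an added example, not code from the article. The `Gateway` class, the device IDs, and the master key are hypothetical, constructed values, and HMAC-SHA256 with per-device keys is an assumed design, one option among several.

```python
import hashlib
import hmac
import secrets

# Constructed sample value; a real key would live in an HSM or secure element.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def device_key(device_id: str) -> bytes:
    """Derive a per-device key so one extracted key does not expose the fleet."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()


def device_respond(key: bytes, nonce: bytes) -> bytes:
    """Device side: prove possession of the key without ever sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Gateway:
    """Server side (hypothetical): issues one-time challenges, verifies replies."""

    def __init__(self) -> None:
        self._pending: dict[str, bytes] = {}  # device_id -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per attempt
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, response: bytes) -> bool:
        # pop() makes each nonce single-use, so a captured reply cannot be replayed
        nonce = self._pending.pop(device_id, None)
        if nonce is None:
            return False
        expected = hmac.new(device_key(device_id), nonce, hashlib.sha256).digest()
        # constant-time comparison avoids leaking how many bytes matched
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    gw = Gateway()
    nonce = gw.challenge("thermostat-01")
    reply = device_respond(device_key("thermostat-01"), nonce)
    print("genuine device:", gw.verify("thermostat-01", reply))
    print("replayed reply:", gw.verify("thermostat-01", reply))
```
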

To make life harder for attackers, it is necessary to implement certificate life cycle management and to standardize the code base of security systems. This will help close a number of attack vectors. Securing the Internet of Things will of course remain a difficult and thorny task, since the industry is still feeling its way. For now, cybercriminals are still weighing the risks and assessing the opportunities and potential profitability of the new direction, while manufacturers and users are not too concerned about the possible threat. That will probably change quickly after the first successful cases of monetizing IoT vulnerabilities. Let's hope we have time to prepare.

Source: https://habr.com/ru/post/315730/

