Upload File

home | greens/efa - iotbotnets · 2017-08-28 · vnm 12.89% ind 12.29% irn 11.18% bra 10.74% chn...

  • Home
  • Documents
  • Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%
12
IoT botnets Scale of the problem & lessons learned

Upload: others

Post on 16-Jul-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

IoT botnetsScaleoftheproblem&lessonslearned

Page 2: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Examples

• In2016,IoT botnetscausedseveralDDoSattacksexceeding100Gbps:• Russianbankingsystem:InNov2016,overtwodays,fiveofRussia’smajorbankssufferedamassiveDDoSattackfromabotnetwithmorethan24,000bots.

• Dyn (USDNSprovider):OnOct21,2016upto100,000compromisedDVRs,videocameras,andotherembeddedsystemsattackedDyn.

• BlogofBrianKrebs:OnSep20,2016thewebblogofacybersecurityjournalistwashitwithaDoS,withpeaktrafficataround620Gbps.

• TheUScandidates’campaignwebsites:DuringtheUSelectioncampaign,bothcandidatesweretargetedwith30-secondattacks.

• OVH(Frenchcloudcomputingcompany):OnSep20,thehostingproviderOVHwastargetedwithadistributed1.2Tbps attack.152,000infectedIoT deviceswereusedtolaunchthelargestDDoSattackcampaigneverrecorded.

• RioOlympicGames:DuringAugust2016,multipleDDoScampaignsagainsttheservershostingdataaboutthe2016OlympicGameswerecarriedoutforseveralmonths,peakingat540Gbps.

June7,2017 [email protected]@privacy__ninja 2

Page 3: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

ProblemsofIoT devices

• Hardcodedpasswords/defaultbackdooraccounts• Weakauthentication• Unsecuredports• Oldandlowqualitysoftware• Patchability/Frequencyofpatches• ScalabilityofattacksduetoeasydiscoverabilityandhomogeneityofIoT devices• Nofinancialincentivetomakeproductsmoresecure; cheapandcompetitivemarket

June7,2017 [email protected]@privacy__ninja 3

Page 4: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Malwarebehavior

• Mostcommon:Mirai &Bashlite• Scan-and-spreadWorms• Eachbotisremotelycontrollablewhenandwhennottoscan,asopposedtocontinuousscansofpastworms(->difficulttomeasuresizeofbotnet)• Targetsdefaultoreasy-to-guesscredentials

June7,2017 [email protected]@privacy__ninja 4

Page 5: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

CauseofVulnerability

• Defaultlogins/weakcredentials• VastmajorityofIoT malwaredoesnotactuallyexploitasoftwarevulnerability,butabusesweakdefaultlogincredentialstocompromise• VastmajorityofbotsspreadviaTelnetonport23

• Homogeneity• Thiseaseofabuseallowsdozensofless-experiencedadversariestojumponthebandwagon

• Lifespan• Low-profitproductswithlifespanofseveralyears,noeasywaytopatchvulnerabilities

June7,2017 [email protected]@privacy__ninja 5

Page 6: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Scale

• We’vejustseenthetipoftheiceberg• Between1.2and2Millioninfecteddevices• Botnetupstreambandwidthbetween1and3Tbps• MostlysimpleDDoSattacks• Atleast760differentdevicesaffectedbyIoTmalwareMirai &Bashlite

June7,2017 [email protected]@privacy__ninja 6

Page 7: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Originofbots700k

600k

500k

400k

300k

200k

100k

June7,2017 [email protected]@privacy__ninja 8

Page 8: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Originofbots

VNM IN

DIRNBRACHNRUSTHAPAKMEXTURGBRCRIIDNKORARGUSALBYCOLTWN ITA

700k

600k

500k

400k

300k

200k

100k

800k

VNM12.89%

IND12.29%

IRN11.18%

BRA10.74%

CHN5.59%

RUS4.14%

THA2.79%

PAK2.67%

MEX2.65%

TUR2.53%

GBR2.25%

CRI2.22%

IDN2.13%

KOR1.81%

ARG1.78%

USA1.62%

LBY1.47%

COL1.30%

TWN1.26%

ITA1.01%

June7,2017 [email protected]@privacy__ninja 9

Page 9: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Outlook

• IoT malwarestillinitsinfancy• Malwarewillbecomemoresophisticatedassecuritymeasuresgetbetter• Moretypesofattacks• ransomware,bitcoinmining,spam,clickfraud,andsocialmediabots• NotlimitedbyIoT OS

• IPv6• MayimprovesecuritybymakingitmoredifficultforattackerstoscanandfindvulnerableIoT devices,evenforsearchservicessuchasShodan

June7,2017 [email protected]@privacy__ninja 11

Page 10: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Securitylessons

• Iot securityrepeatingthesameevolutionasPersonalComputersecurity• Botnetskeepgrowingatafastpace• Devicesmusthaveandenforcesecurecredentials,nodefaultlogin• Regularsecurityupdatesbymanufacturerimportant,butincentivetoinstallisnecessary(e.g.autoupdates)• Manymoresophisticatedsecuritymeasures(e.g.coderandomization)arenotsuitedforIoT

June7,2017 [email protected]@privacy__ninja 12

Page 11: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

Regulatorychallenge

• Customerprotectionoptions• Vendorliabilitytowardscustomerstoprovidesecurityupdatesfortwoyears(notice&patch);nounpatchable systems• Shiftofliabilityifcustomerschoosetonotupdatetheirsystems(similartoproductrecall)• Collectiveactionclauses

• Domesticfixtoaninternationalproblem• OnlyrelevantfordevicessoldintheEU• LittleimpactforprotectionfrombotnetattacksintheEU

ØInitialise &supportsectorspecificsecuritystandardsandcertificationØInternationalagreementsnecessary

June7,2017 [email protected]@privacy__ninja 13

Page 12: Home | Greens/EFA - IoTbotnets · 2017-08-28 · VNM 12.89% IND 12.29% IRN 11.18% BRA 10.74% CHN 5.59% RUS 4.14% THA 2.79% PAK 2.67% MEX 2.65% TUR 2.53% GBR 2.25% CRI 2.22% IDN 2.13%

─┐CISPA|CenterforIT-Security,PrivacyandAccountability│20/06/2017└─


MON 15a 2020.12-14—12.29 17B 24B 1510B THU FRI TUE ......MON 15a 2020.12-14—12.29 17B 24B 1510B THU FRI TUE WED 16a 17 a 18a B4kca PR015.1g FAT17.3g 371kca PR014.gg FAT16.1g FAT2g.gg

2012 mw rc - SportsTG 12.29 Betzold, Khayla Ipswich 4 CollegesBloom, Willow 12.62 5 CentenaryMagro, Makayla 12.66 6 SouthsPartrige, Amy 12.96

Workplace Conditions Assessment Report - World … Factory-Fair Labor Audit-12.29... · No dormitory was available in the ... Workplace Conditions Assessment Report Nr. F_IAR

Coronavirus Concerns? Consider Past Health Crises Concern gateway.pdfSwine flu (H1N1) April 2009** 18.72% 35.96% MERS May 2013 10.74% 17.96% ... (DCA), which is commonly used in workplace

Operating and Installation Instructions N 816 AV.12.29 DC-B

รายงานการวิจัย … · 11.68-12.29 ไมครอน อะไมโลเพคตินของสตาร์ชลูกเดือยมีขนาดเฉลี่ยที่

Name of the State/NRI - phdmaodisha.nic.inphdmaodisha.nic.in/Reports/SSPHD/PHDMA-ClosureReport-SSPHD-Fi… · Software Package. b) Funds utilized: Rs. 10.74 lakh towards cost of Software,

Total Internal Reflection Fluorescencelab.rockefeller.edu/simon/assets/file/Lab... · Total Internal Reflection Fluorescence UNIT 12.29 (TIRF) Microscopy Illuminator for Improved

Christopher Benoit (PDF, 10.74 MB)

212.56.207.26212.56.207.26/files/statements/Informatia_privind_activitatea_economica-financiara.pdf17.85 23.17 428.69 222.06 12.29 466.14 Denumirea indicatorilor Capitalul social Capitalul

CamScanner 09-16-2020 12.29

25. marts – Komunistiskā genocīda upuru piemiņas diena · 20.03.2017 plkst. 12.29 sākas pavasaris Mirklis. Vēl mirklis, un manī ieplūdīs saldais, spēcinošais zemes spēks

RESULTADOS EXAMEN DE ADMISIÓN BECA 18 - 2016 100001 arrieta galvez efrain rolando 12.89 no ingres Ó 21 100004 atao

JJ Chinaomahajjchina.com/images/JJChinaMenu.pdf · JJ Walnut Chicken 12.29 Lightly battered chicken cooked with creamy sauce and garnished with walnuts. 9. Asparagus Chicken 11.29

PropInsight - A detailed property analysis report of …Hyderabad 1.07% 23.63% 19.33% 10.74% 9.82% 8.59% Bandlaguda Jagir Rajendra Nagar Kondapur Gachibowli Hitech City Manikonda 0%

Northeast Banking Profileo-and-co.com/media/8c9d1b061db227e2ffff845fffffd502.pdf · 1st Constitution Bancorp NJ 12.87 13.08 10.37 10.66 24.09 10.9 102.9 119.9 1.18 12.51 10.74 0.00

BOLETÍNaplicaciones.digestyc.gob.sv/observatorio.genero/...SONSONATE 12.89 % 7.17 % 5.72 SAN MIGUEL 15.39 % 10.65 % 4.73 LA PAZ 12.52 % 7.88 % 4.64 CUSCATLÁN 11.72 % 7.37 % 4.35

CamScanner 04-14-2020 12.29

PropInsight - A detailed property analysis report of ... › 2 › 1 › 503303 › 105 › 189130.pdf · Hyderabad 10.74% 23.63% 19.33% 9.82% 8.59% 2.86% Gachibowli Rajendra Nagar

suru peter 2005 - termeszetvedelem.hu · 12.29.. Mint látható, az adatok igen szórványosak, ami azzal magyará7ható, hogy a barlang nehezen, csak tapasztalt barlangászok számára

N Bay Window Caboose Announced 12.29 - Athearn · 2018. 1. 2. · N B ayWindyoiwCbyseaC bedyyOyyN B ayrrrDCaueCd:Dwi0yyOyy1Cbby.D266D882DSt8h N Bay Window Caboose Announced 12.29.17

Central Kwai Chung (Site 11) Area : about 12.89 ha (Plan A11) No

Retrieve Document - FTG Technologies -€¦ · XLS file · Web view4059720 41.82 4059730 41.82 4059740 41.82 4059750 41.82 4059770 41.82 4059780 41.82 12.6 12.89 13.15 14.36

WTF WORLD RANKING (June, 2011) WOMEN'S UNDER 46KGmastkd.com/.../11/...JUNE_Official_8_masTaekwondo.pdf · 33 victoria francesca alvarez acuna chile f-46 5.29 10.74 16.03 34 siriporn

Total Return Chart MonthlyReturns - VanguardP 500 ETF 968 VOO 09/07/2010 — 0.04 ... ReturnbasedonMarketPrice -2.54 -0.76 -0.76 14.00 10.74 13.28 — 14.75 Capital Opportunity Fund

PropInsight - A detailed property analysis report of Modi Palm … · 2015. 10. 26. · Hyderabad 23.63% 19.33% 10.74% 9.82% 8.59% Kompally Rajendra Nagar Kondapur Gachibowli Hitech

Ecole Supérieure de Technologie Oujda Liste d'attente de la filière …esto.ump.ma/uploads/files/1/Selection_DUT_2018-19/... · 2018-09-13 · h138052066 elamouri soumia w 022 12.89

7.3 Quadratic Patterns - web.cocc.eduweb.cocc.edu/srule/MTH105/homework/2quadraticmodeling(text).pdf · Quadratic Patterns 324 Chapter 7 ... quadratic formula is a ... 2.16 6.45 10.74

PropInsight - A detailed property analysis report of Theme ...Hyderabad 10.74% 23.63% 19.33% 9.82% 8.59% 2.86% Gachibowli Rajendra Nagar Kondapur Hitech City Manikonda Nizampet 0%

VEHICLE COMPONENT APPLICATIONS - iiNetniche.iinet.net.au/VL_Technical/efi_vehicleapplications.pdf · b vehicle component applications - index d3 alfa romeo 33 ar905 10.87 12.89 ar30588

CONSTRUCCION - Aceroscenter - Inicio · * GAVION *GAVION * GAVION PVC 9.95 10.34 10.74 17.68 8.43 29.56 31.34 13.60 18.35 17.50 * Vigas únicamente bajo pedido

CamScanner 03-18-2021 12.29

  · Web view2019. 6. 17. · 2015 2014 0.52431979895484426 10.42 4.78 6.3 Leinster (excl Dublin) 2018 2017 2015 2014 1.8988216409073815 12.89 8.8699999999999992 8.42 Ireland (excl

Mauthausen Fahrpläne / Linien gültig ab 11.12.2016 St ... Linz-Arbing-Linz.pdf · Gusen Bachstraße 4.29 12.29 20.29 4.29 12.29 20.29 4.29 12.29 20.29 Gusen Kapellenstraße 4.30

L’ESTATE DI ULISSE MELE - Edizioni Piemmeapi2.edizpiemme.it/uploads/2015/06/9788856636581-lestate...alBa_l_estate_di_ulisse_Mele.indd 12 05/05/14 12.29 13 1 Di solito d’estate