The following article is about how the hackers utilizes long term strategies and corporate sectors using strategies of phishing email in a beautiful way to attack the devices connected in a network and which help other attackers to find out the victim so swiftly, and how vulnerabilities in internet can help attacker/hackers exploiting the internet of things by finding out weak IOT devices for ransomware attacks. This following article also clarifies that the company coming up openly with IOT devices can provide a door to hackers to jump into vulnerable devices from one to another and they can bypass easily from pc-server and so on which can be harder to detect.
How Much Damage IoT Bugs Can Do
As per M. Carlton, Senrio’s Vice president of research “it is very much important to monitor the network as to look what is happening in the network, the devices which are connected to each other any One vulnerable device can create a hole in network which can be very much difficult to catch.” Following points to be considered as important under what circumstances damages can me happen to IOT through bugs:
Internet of hacks
A rube Goldberg attack
Chain of attack
Internet of Hacks
Most of the gadgets which are deployed are very much risky to deploy. The products use to get patches updated by the manufacturer in gradually for Vulnerabilities, but it is very much difficult to develop and fit it with every set of devices as every set of Product is design with special snowflake, initialize inscrutable, and with different proprietary code which creates drawback in security scanning tools. For instance, if a large organization which has a huge number of devices connect viz pcs servers connected in a network pc internet it is difficult to scan and update patches for all the devices in a shot, in this case, there must be a little oversight and few protections measure must be done. In a case study if you have an organization with 5000 connected cameras there must be some to look after the and monitoring and following the vendors mail lists that the can update patches if any received if fail to do so it will create a hole for attackers organization need to incur operational cost to update patches on timely bases if fail can create a vulnerability in two devices and can dispatch it all over the network. One of the richer had made by using a tool like Shodan which scans the IoT devices to the vulnerability in public internet they found 10 of 1000 devices are vulnerable which can destroy the chain in which there are connected if hackers found those devices.
A Rube Goldberg Attack
The senrio’s attack starts by focusing a security device (camera) that are still weak to an inveterate IOT bug, the researchers disclosed that as devil’s ivy. Using an unpatched axis M3004-v network camera as an example, they disclosed that if attackers would find this and start these devices as there initialized point to attack public internet this will be a good step for them to go smooth, as it can (Devil’s ivy) can exploit the devices to factory reset and cameras can be overtaken which can provide them a root access and full control over the devices.
As per researcher, they say that cameras are directly connected to routers now as soon as the vulnerable camera is successfully overtaken by the hackers now the attacker will target to springboard from camera to router. Once attacker get access to the router they can have live video, they can pull out credential and services and access over the company policies.
Overall it clarifies that only an IP camera with unpatched or vulnerability can destroy the whole network and can make the hard work unprofitable.
Chain of Attack
Through the attack requires elaborate planning. It requires a handful of Linux command line to carry out, as Senrio’s Carlton demonstrate that attackers of this type are increasingly automated. Rube Goldberg style IOT is not only a possible thing rather it is getting easier these days Echoes Ang Cui, the founder of IOT defense firm red balloon says it was unexplored 10-15 years ago, but today’s world is getting fuller and faster in there and took much effort.
As an example, for the chain of attack, the researchers said to raise awareness about the urgency of addressing the IoT security crisis. As this set of attacks has been getting easier and for a long time, they no longer feel sophistication in a modern generation no attackers were urged to focus on pcs and servers, they all are bypassing and going through IOT devices as this can be a really a blind spot. If possible it’s no longer that it can exploit the IOT companies.
The following essay is about how the hackers utilizes long term strategies and corporate sectors using strategies of phishing email in a beautiful way to attack the devices connected in a network and also demonstrated about Internet of hacks, A rube Goldberg attack, Chain of attack, IOT meltdown and DDoS hack.