IoT FEATURE NEWS

NbotLoader: IOT threats evolve to remain effective

Since its advent, cybersecurity has borrowed two attributes from security in general, and security for the Internet of Things follows the same two attributes. The first is the continuous evolution of threats: with growing awareness and the ever-improving efforts of white-hat researchers, threats must evolve to stay effective. The second is the "intelligent attack", i.e. going for the weakest link in a security chain. We will take the IoT malware NbotLoader as a case study to look more closely at how these trends carry over into the realm of IoT security.

(Editor's note: These issues and many others are being addressed, beginning today at the IoT Evolution Expo at Caesars Palace in Las Vegas, during the IoT Security Certification workshop.)

Exploits vs. Default Passwords
The earliest Windows threats arrived as exe files attached to spam mails. That trend could not continue once email providers and basic firewalls started blocking exe attachments outright. This began a cat-and-mouse game between attackers and security vendors that ended at exploits. Regardless of the type of threat, Windows or IoT, the race often stops at exploits, because exploitation of an unknown bug is the one thing security solutions do not control: they cannot protect the user from a zero-day they themselves are not yet aware of.

IoT threats started with a simple attack vector: trying to access the device with a handful of well-known default passwords. Simple as it sounds, it proved effective, because IoT devices frequently still carry their factory credentials (for example username "admin", password "admin"). Bashlite, Mirai and others abused this to gain access to a huge number of IoT devices.

However, after the news on Mirai broke, a growing number of aware users changed their default passwords, rendering this approach useless against them. To get past strong passwords and remain relevant, attackers had to add a new approach.
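From the defender's side, the default-credential approach described above leaves a recognisable trace: a burst of failed logins from one source cycling through factory usernames, sometimes followed by a success. The following Python script is an added example, not part of the original article; the syslog-like line format and the sample log lines are constructed for illustration and are not taken from any real router, and the list of default usernames is illustrative only.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical syslog-like format (not from any real device).
SAMPLE_LOG = """\
Jan 12 10:00:01 router login[311]: FAILED LOGIN from 203.0.113.5 user=admin
Jan 12 10:00:02 router login[311]: FAILED LOGIN from 203.0.113.5 user=root
Jan 12 10:00:02 router login[311]: FAILED LOGIN from 203.0.113.5 user=support
Jan 12 10:00:03 router login[311]: FAILED LOGIN from 203.0.113.5 user=admin
Jan 12 10:00:04 router login[311]: FAILED LOGIN from 203.0.113.5 user=user
Jan 12 10:00:05 router login[311]: LOGIN OK from 203.0.113.5 user=admin
Jan 12 10:05:00 router login[312]: FAILED LOGIN from 198.51.100.7 user=alice
Jan 12 10:30:00 router login[313]: LOGIN OK from 192.168.1.20 user=alice
"""

# Usernames commonly shipped as factory defaults on consumer devices (illustrative list).
DEFAULT_USERS = {"admin", "root", "support", "user", "guest", "service"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ login\[\d+\]: "
    r"(?P<result>FAILED LOGIN|LOGIN OK) from (?P<src>[\d.]+) user=(?P<user>\S+)$"
)


def parse_events(text, year=2024):
    """Turn log lines into dicts with a real timestamp; syslog lines carry no year,
    so one is supplied by the caller. Lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m.group("result"),
                       "src": m.group("src"), "user": m.group("user")})
    return events


def detect_default_credential_attempts(text, window=timedelta(seconds=60), threshold=3):
    """Return {source_ip: finding} for sources that produced at least `threshold`
    failed logins inside `window` while cycling through two or more factory-default
    usernames. A later successful login from the same source is recorded, because
    that is the pattern of a device still on its factory credentials."""
    by_src = defaultdict(list)
    for ev in parse_events(text):
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if e["result"] == "FAILED LOGIN"]
        for i, first in enumerate(failures):
            # Sliding window anchored at each failure; events are in log order.
            in_window = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            tried = {f["user"] for f in in_window} & DEFAULT_USERS
            if len(in_window) >= threshold and len(tried) >= 2:
                last_fail = in_window[-1]["ts"]
                succeeded = any(e["result"] == "LOGIN OK" and e["ts"] >= last_fail
                                for e in evs)
                findings[src] = {"failures": len(failures),
                                 "default_users_tried": sorted(tried),
                                 "login_succeeded_after": succeeded}
                break
    return findings


if __name__ == "__main__":
    for src, finding in detect_default_credential_attempts(SAMPLE_LOG).items():
        print(src, finding)
```

The thresholds are deliberately low so the sample triggers; on a real device, tune `window` and `threshold` to the login rate you actually see, and treat a flagged source with `login_succeeded_after` set as the signal to rotate the credentials.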

NbotLoader
We see the same trend in the IoT threat NbotLoader, which uses a known exploit, BID 60281, to take control of unpatched NetGear DGN1000 and DGN2200 routers. As seen in the video here, one can easily gain access to these routers using the publicly available exploit. This bug can be (and in hacking forums already has been) turned into a weaponized exploit script that triggers the bug, extracts credentials, logs in with them and runs a payload that makes the device part of a botnet of the attacker's choosing.

Windows exploits vs. IoT exploits
Many IoT exploits differ from Windows exploits in complexity. IoT exploits are often far simpler, and most of them do not require extensive knowledge of operating-system internals. As a result, new IoT exploits keep appearing, and the details are freely shared in hacking forums, producing ever more effective variants of this malware. Also, unlike many Windows exploits, IoT exploits often do not need to crash the system in order to work, which gives them a better success rate.

The State of Router Security
As discussed above, smart attackers tend to go for the weakest link in the chain. With awareness of router security still relatively low, attackers can get in using default passwords or, in other cases, an exploit.

A simple search on Shodan shows that about 66,000+ routers have been hacked and had their name changed to "HACKED-ROUTER-HELP-SOS". Yet they are still live, exposed on the internet, and life goes on.

Hacked routers do not attract the attention that Windows ransomware does, which helps attackers keep a low profile and continue their activities.

Why Router Security Matters
Routers differ from other IoT devices because, once compromised, they can not only be used for DDoS via the popular IoT botnets, but their settings can also be changed to redirect all traffic to malicious servers and sniff data. This approach can therefore be as effective as a password stealer or RAT. Since no payload executable is involved and the evil lives in the router rather than on the host, it makes prevention and remediation difficult for a traditional antivirus.

Conclusion
Routers, and IoT devices in general, can be made much more secure if a few precautions are taken.

Default passwords must be changed immediately to strong ones. This alone protects against the simple IoT attacks.

Besides strong passwords, the device firmware must be updated to the latest version, and IoT security updates should be taken as seriously as a Windows update. Most IoT exploits are forked from proof-of-concept code for known CVEs, and since the vulnerability is public, there is a high probability that the vendor already offers a security patch for it. With these precautions, we can make our devices more resistant to the ever-evolving IoT threats.
