Tag Archive for: IoT

IoT Botnets and Infostealers Frequently Target Retail Sector


New research by Netskope Threat Labs has revealed that IoT botnets, remote access tools and infostealers were the key malware families deployed by attackers targeting the retail sector in the past year. The findings were revealed in a new report on the retail sector.

Retail has also undergone a shift in the past 12 months from predominantly Google Cloud-based applications towards Microsoft apps like Outlook. In last year’s report, Google applications were far more popular in the retail sector than in other industries, but over the past year the researchers have seen a resurgence of Microsoft’s popularity. This is particularly evident for storage with the gap between OneDrive and Google Drive widening over the past year, with the average percentage of users shifting from 43% to 51% for OneDrive and falling from 34% to 23% for Google Drive. Similar trends were observed with Outlook (21%) supplanting Gmail (13%) as the most popular email app.

Microsoft OneDrive remains the most popular cloud application for malware delivery across all sectors including retail. Attackers gravitate towards tactics that capitalise on users’ trust and familiarity with OneDrive, increasing the likelihood they will click on the links and download the malware. In retail, attacks via Outlook are more successful than in other sectors – retail sees twice as many malware downloads via Outlook (10%) as other industry averages (5%).

The research also found that botnets and trojans are targeting network devices. Specifically, the Mirai botnet family has increasingly been seen to target exposed networking devices running Linux such as routers, cameras, and other IoT devices in the retail environment. Similarly, remote access trojans (RATs) were popular as they allow access to browsers and remote cameras, sending information to attackers or receiving commands. Since the leak of the Mirai malware’s source code, the number of variants of this malware has increased considerably, posing a risk to retail as a sector with multiple vulnerable endpoints.

Paolo Passeri, Cyber Intelligence Principal at Netskope said: “It’s surprising that the retail sector still finds itself specifically targeted with botnets…


New industry-backed IoT security standards aim to improve device safety


New IoT security standards could make it easier to choose devices that are hardened against some of the most common vulnerabilities.

IoT covers pretty much any physical device which can be connected to a digital network. IoT devices like digital locks, smart speakers, home surveillance systems, and routers are increasingly common, but have frequently been flagged as at-risk to threat actors.


Internet of Things (IoT) Cyber Security


IoT Devices

Internet of Things (IoT) cyber security is a growing problem and IoT devices can be found in almost every environment. In 2022 the number of connected IoT devices was estimated to rise to 14.4 billion.

We’ve likely encountered them in our day-to-day lives: devices such as assistants, doorbell cameras, robot hoovers, smart devices for home automation like lightbulbs, switches and plugs, smoke alarms and CO2 sensors, home appliances like fridges, cookers and washing machines, wearables and healthcare devices, toys and security-specific devices. The list really does go on.

These are primarily consumer products, but there are also commercial, industrial and military IoT devices. There are devices used to make whole cities smart.

So we’re aware of the prevalence of these devices and how they can assist us in our daily activities and digital needs. But how mindful are we of the impact that IoT devices have on our cyber security?

What can we do to ensure that the devices plugged into our home or enterprise networks take cyber security seriously? What can we do to ensure the data we entrust them to handle is protected? How many devices are bought for one purpose, and once they fulfill that purpose, are left for months, years without attention?

The primary focus of this article is to raise cyber security awareness and discuss the security impact these devices can have on our networks and infrastructure if left unattended. We’re going to discuss some steps we can take to make sure that the IoT devices we use so regularly are set up securely, stay secured and protect our data to the best of their ability.

IoT Cyber Security

As we’ve discussed, there is a wealth of IoT devices available to us and, because they are actively connected to our networks and the internet, they may pose a significant risk to the security posture of those networks. Whilst aimed at enterprise installations, the majority of these points will also apply to devices connected in home environments.

The following points are to be considered when using IoT devices, along with what we can do to help them, and us, be as secure as possible. Now this won’t apply to…


New P2PInfect bot targets routers and IoT devices



Pierluigi Paganini
December 04, 2023

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices.

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture.

The new bot supports updated evasion mechanisms, can avoid execution in a virtual machine (VM) or under a debugger, and supports anti-forensics on Linux hosts.

In July 2023, Palo Alto Networks Unit 42 researchers first discovered the P2P worm P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and potent than other worms.

The worm is written in the Rust programming language and targets Redis instances by exploiting the Lua sandbox escape vulnerability CVE-2022-0543 (CVSS score 10.0).

In September, Cado Security Labs reported witnessing a 600x increase in P2Pinfect traffic since August 28th. According to the researchers, traffic experienced a 12.3% surge during the week leading up to the publication of their analysis.

P2Pinfect infections have been reported in China, the United States, Germany, the United Kingdom, Singapore, Hong Kong and Japan.

Experts linked the surge in botnet traffic with the growing number of variants detected in the wild, a circumstance that suggests that the authors are actively improving their bot.

“Cado Security Labs researchers have since encountered a new variant of the malware, specifically targeting embedded devices based on 32-bit MIPS processors, and attempting to bruteforce SSH access to these devices.” reads the report published by Cado Security. “It’s highly likely that by targeting MIPS, the P2Pinfect developers intend to infect routers and IoT devices with the malware. Use of MIPS processors is common for embedded devices and the architecture has been previously targeted by botnet malware, including high-profile…
