fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Honeypot Experiment Reveals What Hackers Want from IoT Devices

Honeypot Experiment Reveals What Hackers Want from IoT Devices

​A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices.

More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries.

IoT (Internet of Things) devices are a booming market that includes small internet-connected devices such as cameras, lights, doorbells, smart TVs, motion sensors, speakers, thermostats, and many more.

It is estimated that by 2025, over 40 billion of these devices will be connected to the Internet, providing network entry points or computational resources that can be used in unauthorized crypto mining or as part of DDoS swarms.

Also Read: Protecting Data Online in the New Normal

Setting the stage

The three components of the honeypot ecosystem set up by researchers at the NIST and the University of Florida included server farms, a vetting system, and the data capturing and analysis infrastructure.

To create a diverse ecosystem, the researchers installed Cowrie, Dionaea, KFSensor, and HoneyCamera, which are off-the-shelf IoT honeypot emulators.

The researchers configured their instances to appear as real devices on Censys and Shodan, two specialized search engines that find internet-connected services.

The three main types of honeypots were the following:

  • HoneyShell – Emulating Busybox
  • HoneyWindowsBox – Emulating IoT devices running Windows
  • HoneyCamera – Emulating various IP cameras from Hikvision, D-Link, and other devices.
Experiment layout
Experiment layout
Source: Arxiv.org

A novel element in this experiment is that the honeypots were adjusted to respond to attacker traffic and attack methods. 

Also Read: The Top 4W’s of Ethical Hacking

The researchers used the collected data to change the IoT configuration and defenses and then gather new data that reflected the actor’s response to these changes.

The findings

The experiment produced data from massive 22.6 million hits, with the vast majority targeting the HoneyShell honeypot.

Number of hits for each honeypot type
Number of hits for each honeypot type
Source: Arxiv.org

The various actors exhibited similar attack patterns, likely because their objectives and the means to achieve them were common.

For example, most actors run commands such as “masscan” to scan for open ports and “/etc/init.d/iptables stop” to disable firewalls.

Additionally, many actors run “free -m”, “lspci grep VGA”, and “cat /proc/cpuinfo”, all three aiming to collect hardware information about the target device.

Interestingly, almost a million hits tested “admin / 1234” username-password combination, reflecting an overuse of the credentials in IoT devices.

As for end goals, the researchers found that the HoneyShell and the HoneyCamera honeypots were targeted mainly for DDoS recruitment and were often also infected with a Mirai variant or a coin miner.

Coin miner infections were the most common observation on the Windows honeypot, followed by viruses, droppers, and trojans.

Attack types targeting HoneyShell
Attack types targeting HoneyWindowsBox
Source: Arxiv.org

In the case of the HoneyCamera, the researchers intentionally crafted a vulnerability to reveal credentials and noticed that 29 actors engaged in exploiting the flaw manually.

HoneyCamera layout
HoneyCamera layout
Source: Arxiv.org

“Only 314 112 (13 %) unique sessions were detected with at least one successful command execution inside the honeypots,” explains the research paper.

“This result indicates that only a small portion of the attacks executed their next step, and the rest (87 %) solely tried to find the correct username/password combination.”

How to secure your devices

To prevent hackers from taking over your IoT devices, follow these basic measures:

  • Change the default account to something unique and strong (long).
  • Set up a separate network for IoT devices and keep it isolated from critical assets.
  • Make sure to apply any available firmware or other security updates as soon as possible.
  • Actively monitor your IoT devices and look for signs of exploitation.

Most importantly, if a device does not need to be exposed to the Internet, ensure it is located behind a firewalls or VPN to prevent unauthorized remote access.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us