The Internet of Things has been one of the fastest growing IT sectors in recent years, with hundreds of thousands of new devices joining the global network every day. It is clear that such rapid growth, the enormous amount of equipment that is difficult to monitor and control, and the high financial value of the market also attract the attention of cyber criminals.
Experts from the cyber security company Sophos, who perform hundreds of tests every day in a dedicated research unit of Sophos Labs, discovered several major attacks last week that exploit vulnerabilities in Internet of Things devices.
Examples of the published attacks include UFO Miner, a cryptocurrency mining script for Android devices, and a weakness in the Sirep protocol of the Windows IoT Core operating system that allows any connected user to execute system commands and take control of the device, provided the device is attached to the network by an Ethernet cable rather than over a wireless network.
UFO Miner is an Android adaptation of the CoinHive web mining script released last year. Unlike the resource-hungry CoinHive, the Android wrapper is programmed to use few resources, so that it does not overload the device, does not draw the user's attention and remains difficult to spot. Each compromised device makes only a small contribution to the overall mining, but the accumulated result over time is impressive.
The only way for users to find out whether their Android devices are taking part in the large UFO Miner mining operation is to review the list of programs running in the background and look for entries they do not recognise. In the Sophos experts' tests, UFO Miner registered itself under the name Test, but the name is likely to vary from case to case.
The other attack targeted the port of the Sirep protocol, a remote-testing facility of the Windows IoT Core operating system for IoT devices. This port is active only on stock Windows IoT Core installations, not on builds customised by device manufacturers. The port is not protected by any authentication, so every connection is granted the right to execute arbitrary system commands on the device and to download or modify its files.
It is worth mentioning that Microsoft responded to the report with restraint, stating that this is not a vulnerability or an error in its Sirep protocol and that the company therefore does not intend to do anything about it. Users who run Windows IoT Core with the Sirep protocol port enabled must therefore protect their devices themselves.
According to Sophos experts, the aforementioned attacks are particularly difficult to detect, even with dedicated monitoring tools, because they are designed to blend into the normal load profile of the particular device. Unlike earlier generations of similar attacks, they do not use 100 percent of the infected device's capacity but carefully regulate how many resources they consume at any given time, depending on the time of day and the load on the device. The illicit use of the device's capacity never exceeds 80 percent, which means the malicious software can go unnoticed for a long time.
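As an added illustration of the throttling behaviour described above (this is not code from the Sophos report), the following Python heuristic is run over constructed hourly CPU samples for a few processes; the process names, the 80 percent cap and the other thresholds are assumptions made for this example.

```python
"""Heuristic detector for 'throttled' background CPU consumers.

The sample table below is constructed for this example: one CPU reading
(percent of device capacity) per hour over one day, per process.
"""

SAMPLES = {
    # miner-like process: steady, high load that backs off during the
    # working day and never reaches the cap (name taken from the article)
    "Test": [70, 72, 75, 74, 73, 68, 55, 40, 35, 35, 38, 40,
             42, 40, 38, 45, 60, 70, 75, 78, 76, 74, 73, 71],
    # legitimate but bursty job: short spikes to 100 percent, idle otherwise
    "backup": [0, 0, 0, 100, 100, 0, 0, 0, 0, 0, 0, 0,
               0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
    # ordinary interactive process: light, variable load
    "ui": [3, 2, 2, 2, 1, 5, 12, 20, 25, 18, 15, 10,
           8, 10, 14, 12, 9, 7, 6, 5, 4, 3, 2, 2],
}


def is_throttled_consumer(samples, cap=80, floor=25, min_fraction=0.9):
    """Return True for a process that keeps a large, steady share of CPU
    for almost the whole window without ever reaching the cap.

    - max(samples) < cap models the 'never more than 80 percent' behaviour
      the article describes.
    - A high fraction of samples at or above `floor` separates a persistent
      consumer from a bursty job that spikes and then goes idle.
    """
    if not samples:
        return False
    share_above_floor = sum(1 for s in samples if s >= floor) / len(samples)
    return max(samples) < cap and share_above_floor >= min_fraction


def suspicious_processes(table, **thresholds):
    """Names of processes in `table` flagged by is_throttled_consumer."""
    return sorted(name for name, s in table.items()
                  if is_throttled_consumer(s, **thresholds))


if __name__ == "__main__":
    print("flagged:", suspicious_processes(SAMPLES))
```

A real deployment would feed the heuristic with readings collected by the device's own process monitor and tune the thresholds to the device's normal load profile.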
Such a patient strategy, combined with a potentially large number of infected devices, ultimately makes the cyber criminals extremely successful. Whether the goal is a DDoS (Distributed Denial of Service) attack or a stealthy cryptocurrency miner that steals device resources, the end result is far more effective than many attacks by individual hackers or groups.
Sophos experts warn that similarly cleverly designed attacks on Internet of Things devices take place every week. Given that there are few cyber security specialists with the necessary expertise, while the number of Internet of Things devices is already huge, the global network could quickly find itself in a situation where keeping cyber criminals in check becomes an insurmountable challenge.