Writing for IBM’s Security Intelligence publication, Douglas Bonderud argues that the advantages of smart cities do not offset the security risks they introduce, including the risk that connected devices and vehicles become unwitting malware carriers.
“While it’s impossible to design impenetrable infrastructure, the combination of basic security hygiene with cloud-based detection and remediation tools makes it possible for cities to get advanced warning of malware threats, respond appropriately and minimize disruption to critical services,” he explained.
To illustrate his concerns, Bonderud highlighted a recent ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA), in which cyber criminals compromised roughly one-quarter of the computers on the agency’s network. Moreover, says Bonderud, 40 percent of industrial control systems (ICS), which run critical physical infrastructure such as power and water operations, were hit by malware attacks in the latter half of 2016.
Bonderud also compared malware-infected vehicles operating in smart cities to the existing phenomenon of accidental seed spreading.
“Let’s say, for example, that a network-enabled vehicle connects to the city transportation smart grid and is infected with malware. Unaware, the driver takes the vehicle to a new city, connects to its infrastructure and inadvertently spreads the malicious code,” he continued. “At best, cyber criminals gain access to low-level systems and impact total network performance. At worst, they take control of citywide services and demand huge payoffs to vacate the virtual premises.”
As ZDNet’s Eileen Brown points out, smart city security monitoring is all too often complex and chaotic.
“Cloud security is perceived to be a thorn in the side of security professionals; many struggle to monitor the environment effectively. The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way,” she explained. “Many IoT devices utilize cloud functionality in their back end, [so] cloud vendors will need to address the perception gap that exists when it comes to policy protection, security, price and IoT. Until organizations can accurately improve their visibility in the cloud to ensure that this point of intersection does not become a blind spot that could be exploited by malware operators, smart cities will fail to succeed.”
Multiple malware strains currently plague unsecured IoT devices, among them Mirai, BrickerBot and Hajime. According to cybersecurity journalist Brian Krebs, Mirai spreads by continuously scanning the Internet for IoT systems protected only by factory-default or hard-coded usernames and passwords. Vulnerable devices are then seeded with malicious software that turns them into ‘bots’ reporting to a central control server, which can be used as a staging ground for launching powerful DDoS attacks designed to knock Web sites offline. Mirai’s scanner probes the Telnet ports, TCP 23 and 2323, so a Telnet service exposed on either port with a default credential is the first thing to close.
BrickerBot.1 and BrickerBot.2, by contrast, are permanent-denial-of-service (PDoS) strains: rather than enlisting a device into a botnet, they corrupt its storage until it no longer functions. Both exploit hard-coded passwords, exposed SSH and brute-forced Telnet logins. The original BrickerBot.1, which was active from March 20, 2017 to March 25, 2017, targeted devices running BusyBox with an exposed Telnet service; those devices also had SSH exposed through an older version of the Dropbear SSH server. BrickerBot.2, still active at the time of writing, targets Linux-based devices which may or may not run BusyBox and which expose a Telnet service protected by default or hard-coded passwords. Its attacks are routed through TOR exit nodes, which conceals their source.
Much like Mirai, Hajime scans the Internet for vulnerable IoT devices such as cameras, DVRs and routers that have open Telnet ports and use default passwords. Unlike Mirai-infected devices, however, Hajime bots do not take orders from a single command-and-control server. Instead, they communicate over a peer-to-peer network built on the protocols used by BitTorrent (the DHT for peer discovery and uTP for data transfer), resulting in a botnet that is more decentralized and harder to stop, since there is no single server to seize or sinkhole.
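All three strains described above get in the same way: a Telnet service answering on port 23 or 2323 and a username/password pair from a public factory-default dictionary. That makes the behaviour easy to spot in a Telnet honeypot or device log. The following is an added example, not code from the original article or from any of the researchers it cites. It assumes a constructed log line format (one `telnetd` login event per line) and embeds a small subset of the credential pairs from the publicly released Mirai source; the sample log lines are constructed. It flags any source that walks the dictionary against a Telnet port within a short window, and rates a successful default login as critical, because at that point the device is already a bot (Mirai, Hajime) or about to be wiped (BrickerBot). The same `is_default_credential` check can be run against a device’s own credentials before it is deployed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the factory-default username/password pairs hard-coded in the
# publicly released Mirai source. BrickerBot and Hajime work through lists of
# the same kind. This is a sample for illustration, not the full dictionary.
MIRAI_DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", "root"),
    ("admin", "password"), ("root", "12345"), ("user", "user"), ("root", "password"),
    ("ubnt", "ubnt"), ("guest", "guest"), ("admin", "1234"), ("service", "service"),
}

# Mirai's scanner probes TCP 23 and the alternate Telnet port 2323.
TELNET_PORTS = {23, 2323}

# Constructed (hypothetical) log format, loosely modelled on a Telnet honeypot's
# syslog output. Real telnetd and honeypot formats differ; adapt LOG_RE to yours.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) telnetd\[\d+\]: login (?P<result>failed|succeeded) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) src=(?P<src>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample: one source walking the default dictionary and landing a
# login, one legitimate operator with a strong password, and one slow guesser
# whose three dictionary attempts are spread two minutes apart.
SAMPLE_LOG = """\
2017-04-01T10:00:01Z telnetd[812]: login failed user=root pass=xc3511 src=203.0.113.7 dport=23
2017-04-01T10:00:02Z telnetd[812]: login failed user=root pass=vizxv src=203.0.113.7 dport=23
2017-04-01T10:00:02Z telnetd[812]: login failed user=admin pass=admin src=203.0.113.7 dport=23
2017-04-01T10:00:03Z telnetd[812]: login failed user=root pass=888888 src=203.0.113.7 dport=2323
2017-04-01T10:00:04Z telnetd[812]: login succeeded user=root pass=xmhdipc src=203.0.113.7 dport=23
2017-04-01T10:05:00Z telnetd[812]: login failed user=alice pass=Tr0ub4dor&3 src=198.51.100.9 dport=23
2017-04-01T10:05:30Z telnetd[812]: login succeeded user=alice pass=correct-horse src=198.51.100.9 dport=23
2017-04-01T10:07:00Z telnetd[812]: login failed user=root pass=root src=198.51.100.20 dport=23
2017-04-01T10:09:00Z telnetd[812]: login failed user=root pass=admin src=198.51.100.20 dport=23
2017-04-01T10:11:00Z telnetd[812]: login failed user=root pass=12345 src=198.51.100.20 dport=23
"""


def is_default_credential(user, pw):
    """True if the pair is in the default dictionary. Also usable as a
    pre-deployment check on a device's own Telnet/SSH credentials."""
    return (user, pw) in MIRAI_DEFAULT_CREDS


def parse_line(line):
    """Return a dict for a recognised login event, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["dport"] = int(ev["dport"])
    return ev


def detect_default_cred_stuffing(log_text, min_attempts=3, window_seconds=60):
    """Flag source IPs that try at least `min_attempts` dictionary credentials
    against a Telnet port inside any `window_seconds` window.

    A successful login with a default credential is rated critical: the device
    is now a Mirai/Hajime bot, or about to be wiped by BrickerBot.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if (ev is not None and ev["dport"] in TELNET_PORTS
                and is_default_credential(ev["user"], ev["pw"])):
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        # Sliding window: most dictionary attempts seen within window_seconds.
        peak, start = 0, 0
        for end in range(len(events)):
            while (events[end]["ts"] - events[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_attempts:
            succeeded = any(e["result"] == "succeeded" for e in events)
            findings[src] = {
                "default_attempts": len(events),
                "peak_in_window": peak,
                "default_login_succeeded": succeeded,
                "severity": "critical" if succeeded else "high",
            }
    return findings


if __name__ == "__main__":
    for src, finding in detect_default_cred_stuffing(SAMPLE_LOG).items():
        print(src, finding)
```

On the constructed sample, only 203.0.113.7 is flagged (five dictionary attempts in three seconds, one of them successful, so critical). The slow guesser at 198.51.100.20 makes three dictionary attempts but never three within a minute, so it stays under the threshold; widen `window_seconds` to catch low-and-slow scanning at the cost of more noise. The legitimate operator is never counted because her credentials are not in the dictionary.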
Interested in learning more about protecting IoT endpoints? You can download our eBook on the subject below.