RapperBot Malware Develops New Distribution Tricks 

IoT Attacks, malware, Ophtek, RapperBot, Security, strong passwords, Updates, , , , , ,
20
Jun 2023

Malware constantly evolves, and that’s why it’s a constant thorn in the side of PC users. The ever-changing RapperBot malware is a perfect example of this. 

If malware was boring and lacked innovation, it wouldn’t last very long or infect many computers. It would make our lives a lot easier, but it would defeat the main objective of malware. And that is to cause chaos. Repeatedly. Therefore, malware developers are keen to extend the lifespan of their creations. This is why malware is regularly developed, to keep one step ahead. It’s the digital example of a game of cat and mouse. But the good news is that you don’t have to be the mouse. 

The Lowdown on RapperBot and Its Evolution 

First discovered in 2022, RapperBot started its malware career in the Internet of Things (IoT) niche. Most notably, RapperBot was observed to be using parts of the Mirai botnet code. However, RapperBot was much more than just another take on Mirai. It was much more sophisticated. Not only had its remote access capabilities been upgraded, but it could now also brute force SSH servers – these allow two PCs to communicate with each other. 

This evolution has continued at pace, with security experts Fortinet and Kaspersky detecting the following changes: 

  • After infection, further code was added into RapperBot by the developers to avoid detection. A situation which persisted even after rebooting. A remote binary downloader was later added to allow self-propagation of the malware. 
  • The self-propagation capabilities of RapperBot were later changed to allow the malware to gain constant remote access to SSH servers which had been brute forced. 
  • Finally, RapperBot moved its aim away from SSH servers and targeted telnet servers. Cleverly, RapperBot sidestepped the traditional technique of using huge data lists and, instead, monitored telnet prompts to determine the target device. This allowed the threat actors to identify IoT devices and quickly try their default credentials. 

The Best Tips for Tackling RapperBot 

IoT devices are plentiful in the modern age, and we certainly couldn’t be without them. Accordingly, we need to protect them from threats such as RapperBot and BotenaGo. You can do this by following these best tips: 

  1. Keep devices up to date: it’s crucial that you regularly update the firmware and software which supports your IoT devices. Few, if any, pieces of hardware reach consumers without some form of security flaw present. Once these flaws are detected, the manufacturer will usually release a patch or update to remove this vulnerability. Therefore, you need to install these as soon as possible, a strategy which is made easy by allowing automatic updates. 
  1. Change default passwords: Many IoT devices come with default usernames and passwords, these are often the same across every single version of that device. As such, they represent an incredible risk. This means you need to change these default credentials to strong, unique usernames and passwords before they are connected to your IT infrastructure. Additionally, enable two-factor authentication, wherever possible, to add an extra layer of security. 
  1. Network segmentation: ideally, separate networks should be created to house your IoT devices and isolate them from your core network. As IoT devices carry a certain amount of risk, it makes sense to keep them away from the majority of your IT infrastructure. This ensures that, if an IoT device does become infected, the malware can only spread so far. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Don’t Make these Common IoT Mistakes

Internet of things, IOT, IoT Attacks, Ophtek, Uncategorized, , ,
04
Feb 2020

The Internet of Things (IoT) has revolutionized device connectivity. But it’s an aspect of IT which is still in its infancy. And mistakes are common.

Eliminating these mistakes is an important factor in maximizing your productivity. After all, we live in a digital age. And it’s crucial that your IT systems are working to their full potential. Any drop off in productivity can harm the overall performance of your business. You need to retain an edge over your competitors, so mastering the IoT is crucial.

You may not be aware that you’re making mistakes with the IoT or you may not know how to rectify them. Either way you need a helping hand. And that’s why we’re going make sure you don’t make these common IoT mistakes.

Avoiding the Most Common IoT Mistakes

The IoT harnesses some complex technology, so it should come as no surprise that mistakes are common. However, these mistakes are relatively easy to fix:

  • Failing to Plan for Maintenance: IoT devices are like any other piece of machinery: they are prone to failure. And all it takes is for one device to fail to cause a massive drop in productivity. Scenarios such as this are why regular maintenance of your IoT needs to be built into your IT maintenance schedule. 
  • Ignoring Updates: The number of devices operating as part of the IoT is estimate to be just over 30 billion devices. That’s a lot of devices. And this has made them a target for hackers. But one of the simplest ways to protect your IoT devices is by installing any updates associated with them. Naturally, the number of devices means it can be difficult to monitor when updates are due. But, by running regular audits on your IoT devices, you can monitor for firmware and patches to maximize your security. 
  • Not Understanding the Importance of Data: IoT devices are fantastic for monitoring data, so it’s important that you take advantage of this. Vehicle tracking, for example, provides a wealth of information about the way in which your drivers are operating. And this data can be used to enhance their efficiency e.g. minimizing the risk of speeding offences and driving more economically. So you need to make sure that all IoT data is regularly analyzed.

By eliminating these common IoT mistakes you can make a significant difference to your organization’s productivity. IoT devices are only going to become more common in the workplace, so it’s important that you master this technology early on.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Keeping the IoT Secure with Shodan

IOT, IoT Attacks, IT Best Practices, Ophtek, ,
29
Jan 2020

The Internet of Things (IoT) is getting bigger and bigger. But this popularity is making it a target for hackers. Thankfully, Shodan is here to secure it.

It’s difficult to imagine life without the IoT; the sheer range of possibilities it opens up is astonishing. But it has also attracted a number of headlines due to its shortcomings in security. Naturally, the opportunity to strengthen security around IoT devices is one of great interest. And now there’s a website which promises to maximize your IoT security. Its name is Shodan and it could just revolutionize your device security.

Let’s take a look at what it is and how Shodan can keep the IoT secure.

What is Shodan?

Shodan is, in its simplest terms, a search engine for IoT devices. It’s similar to Google, but rather than searching for news on your favorite TV shows, you can use it find IoT devices. As long as a device is connected to the internet, Shodan should be able to find and identify it. And this applies to any IoT device be it a printer, security camera or refrigerator.

How Does Shodan Work?

The part of the internet that the IoT connects to is usually considered invisible, but all it takes is the right algorithm to analyze it. And this is what Shodan does. The overall mechanics of Shodan’s algorithm is complex, but here’s a breakdown of how it works:

  • Creates random IPv4 addresses which are used to identity network interfaces on a machine
  • Scans the internet for a real time list of connected IoT devices
  • Scans each device by checking a selection of available ports
  • Analyzes each port for a unique IPv4 address
  • Grabs a selection of metadata from the device which includes: usernames, passwords, geographical location and IP addresses

And all of this information can be displayed in the search results on Shodan.

Is Shodan a help or a Hindrance?

The amount of sensitive data that Shodan can expose is worrying. The last thing you want is for your usernames and passwords to be compromised. This could lead to grave consequences for your security. But is Shodan as scary as it sounds? Well, the truth is that it can actually enhance your IoT security.

Shodan is now a popular tool for security professionals to evaluate their IoT devices. And it’s most commonly used in the following ways:

  • Detecting Vulnerabilities: Shodan has a range of filters available that you can use to identify potential vulnerabilities in your IoT devices. This could include the use of default login credentials (these are the only login details that Shodan exposes) or which ports are currently open. By identifying these vulnerabilities with Shodan you can rectify them.
  • Track Exploits: Hackers are industrious characters and relish the challenge of identifying exploits. And the result is that IoT devices are constantly in their targets. Thankfully, Shodan is on hand to help. It does this by collecting together all known exploits for IoT devices and making them available. All a user has to do is use the Shodan search engine to search for specific terms and uncover any known exploits.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The 5 Most Important IoT Security Concerns Coming in 2018

Cyber Attack, Hacking, Internet of things, IOT, IoT Attacks, malware, Phishing, Ransomware, Security, Security Threats, , , ,
20
Feb 2018

If you want to keep the IoT (Internet of Things) secure in 2018 then you’re going to have your work cut out due to the number of threats on the horizon.

Significant progress has been made in the last couple of years when it comes to understanding the security concerns presented by IoT devices, but this is only encouraging hackers to become more innovative. And 2018 is going to deliver more IoT security threats than ever before, so you’re going to need to be ready for this surge in activity and the new hacking methods employed.

Let’s take a look at the most pressing IoT security concerns coming in 2018.

  1. IoT Attacks Being Undetectable

Many IoT attacks take place on a micro scale compared to large scale attacks such as Distributed Denial of Service Attacks. The problem with micro attacks is that conventional security systems are unlikely to recognize them as a threat, whereas major attacks are likely to ring alarm bells very quickly. Therefore, investing in highly sensitive security systems and manual monitoring may become vital to any organization using IoT devices.

  1. Automation Will Become More Important

Some organizations can have thousands of IoT devices operating on their network at any one time, so manually monitoring this activity is virtually impossible. And that’s why automation and artificial intelligence could prove highly popular in 2018 when it comes to providing a front line defence against IoT attacks e.g. installing crucial firmware upgrades immediately.

  1. The Irresistible Allure of Cryptocurrency

You only have to take a quick look at the financial headlines to understand just how valuable cryptocurrencies are at the moment. And, to a hacker, the financial rewards on offer are hard to resist. The Satori botnet, for example, takes control of IoT devices and also allows the hackers to exploit Bitcoin mining software. So, if your organization is involved with cryptocurrencies in any capacity, it’s going to pay to monitor your activity very closely.

  1. More and More Devices Will Be Targeted

Automobiles, security cameras and baby monitors are just a small selection of the IoT devices which have been hacked in the last couple of years, but this is set to increase further in 2018. In particular, devices which come with weak passwords (or even no password) are constantly being scouted by hackers. And, when they discover one, this can easily be leaked online, so the need to enforce a strong password culture remains essential.

  1. Privacy Concerns

Trusting IoT devices to transmit and receive personal and sensitive data is going to come under serious scrutiny in 2018. Due to the recent IoT attacks which have exploited weak passwords and poor security protocols in IoT devices, the public concern is growing over how their data is handled. Naturally, hackers are excited by the prospect of being given a free run at such a huge number of vulnerable devices without adequate security frameworks in place. 2018, therefore, is going to find organizations having to soothe customer concerns by only working with secure hardware and software.

For more ways to secure and optimize your business technology, contact your local IT professionals.

 

Read More