"Beware the Next Wave of Cyber Threats: IoT Ransomware" -- provided by Harbin Antiy Technology Group Co., Ltd.

2018-07-25

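Ransomware has become one of the most serious cyber threats plaguing organizations. Today all of us, from home users to enterprises and government agencies, are working to protect ourselves from encryption viruses.

But we have not noticed that the next wave of ransom attacks, aimed at encrypting Internet of Things (IoT) devices, has already begun. Because the IoT is everywhere and extremely diverse, these attacks may be even more dangerous.

In short, certain characteristics of the IoT make IoT ransomware more dangerous than the ransomware already widespread on computers and smartphones.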

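IoT ransomware does not encrypt your data

Well-known crypto-ransomware such as Locky and Cerber locks important files on the infected machine. This encryption is irreversible: victims either pay the ransom to obtain the decryption key or, if they have no backups, say goodbye to their files for good. It is generally assumed that files and important data have a value that can be expressed in money, and this fact attracts extortionists.

IoT devices hold no data at all. Some may think that ransomware authors have no interest in attacking IoT devices, but that is not the case.

Rather than only locking some files, IoT ransomware may lock and take complete control of many devices or even whole networks. IoT malware may force vehicles to stop, cut off electricity or even halt production lines. Such programs can cause greater harm, so hackers may demand larger ransoms. This increases the appeal of this emerging underground market.

Some will argue that an IoT attack can be stopped by a simple reboot. However, victims pay the ransom because of the amount and nature of the losses that may occur while control of the system is lost, not because the attack is irreversible.

The IoT expands the possibilities of life-support devices (such as pacemakers) and industrial systems (such as pumping stations); at the same time, the damage caused by blocked IoT infrastructure and a delayed response will grow exponentially. Organizations that use IoT devices in industrial control systems face the greatest risk, for example power plants and large automated production lines.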

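Consumer IoT devices

Attacks on consumer IoT devices, including smart homes and connected cars, have already happened. Researchers have demonstrated how malicious code can be used to take control of a connected thermostat and set the temperature to its maximum, forcing the victim to pay a ransom.

Imagine that this morning you get into a connected car, ready to leave for work. Suddenly a message appears on the screen: "If you want to start the car and get to work, pay $500." A few years ago this could not have happened. Today, thanks to advances in technology, it no longer seems strange.

In addition, IoT ransomware may steal important data and personal information, for example sensitive information from networked surveillance cameras or fitness gadgets, and extort victims by threatening to publish it.

Although IoT devices often have serious security vulnerabilities, it is still too early to talk about an imminent ransomware threat to smart homes and connected cars. The variety of applications and devices created by thousands of manufacturers makes widespread use of malware more complicated.

The IoT industry today is highly fragmented. It lacks standardized approaches, common platforms and communication systems, so large-scale attacks are hard to carry out. In a single attack, hackers usually target only one specific type of device, which reduces the number of potential victims.

We can conclude that, for now, hackers have little to gain from attacking consumer IoT devices. But as the IoT reaches further into homes and offices, this is likely to change in the future.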

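The industrial sector faces high risk

The industrial segment of the IoT faces an entirely different situation. Industrial systems are highly attractive to extortionists. This could be any system that may affect the lives of thousands or even millions of people and is very expensive to operate.

For example, several US hospitals recently suffered a series of ransomware attacks. Normal operations at Hollywood Presbyterian Hospital were disrupted by a ransomware attack; some patients had to be transferred to other clinics, and doctors were forced to go back to old-fashioned paper records.

If a hospital's systems are infected, the health of every patient is put at risk, so the likelihood that the hospital pays the ransom is very high. Attacks on critical infrastructure rest on similar psychology: if people's lives are threatened and time is short, owners will often agree to pay.

Power grids and power stations are also important targets for IoT malware. Their important role in the modern world was well illustrated by the Northeast blackout of 2003 in the United States and Canada. Within a few hours, the blackout caused $6 billion in losses and affected the lives of 55 million people. The incident was not a cyber attack but a software failure. Today, however, hackers constantly scan the Internet looking for important and vulnerable networks, so energy companies should be prepared.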

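How to protect IoT systems

Although there is no universal solution, many experts believe that following certain guidelines and methods can help organizations and manufacturers better protect their IoT systems from ransom attacks.

One important point is the ability to upgrade smart-device firmware remotely. Security is a journey, not a destination, and no connected device can stay secure forever. Firmware updates should therefore be simple, effective and secure.

The update channel must be secure, because an insecure update channel can become an entry point for infection. Some time-tested measures can eliminate this entry point, such as blocking the processor and firmware and encrypting the communication channels between devices.

Another important measure is a reliable authentication mechanism. You may encounter situations in which devices are connected to the Internet without any authentication at all.

This paves the way for attackers to spoof. If missing authentication becomes widespread, attackers can exploit it to disable millions of devices. Such an attack is especially dangerous if a server with millions of connected machines is infected.

To stop intrusions, we must introduce reliable life-cycle management of security certificates and standardize the code base of security systems. This will help reduce attack vectors.

Of course, securing the IoT remains a difficult task, and the industry is still feeling its way in this direction. For now, cybercriminals are only weighing and assessing the risks, opportunities and potential profitability of the new market.

Meanwhile, manufacturers and users are not much concerned about the possible threat. Perhaps attitudes will change quickly after the first successful IoT ransom attack. Hopefully we will have time to prepare.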

 

《Beware the next wave of cyber threats: IoT ransomware》

https://www.information-management.com/opinion/beware-the-next-wave-of-cyber-threats-iot-ransomware


Ransomware has become one of the most serious cyber threats plaguing organizations. Today, all of us – from home users to corporations and government organizations – are trying to protect ourselves from encryption viruses.

But we are ignoring the beginning of the next wave of ransomware attacks – aimed at encrypting IoT devices. These attacks can be much more dangerous given the omnipresent and extremely diverse nature of the Internet of Things.

Quite simply, there are some differences that make IoT ransomware more dangerous than the already widespread extortion viruses for desktops and smartphones.

IoT ransomware does not encrypt your data

The well-known and most active crypto viruses like Locky and Cerber lock down important files on infected machines. Their main strength is irreversibility – the victims are forced to either pay for obtaining the decryption key or say goodbye to their files in case there are no backups. It is usually assumed that files and important data have a value expressed in money, and this fact attracts cyber extortionists.

IoT devices often do not have any data at all. Some may think that ransomware authors are not interested in attacking IoT devices. It’s actually not so.

Instead of only locking some files, IoT viruses may lock and get complete control over many devices and even networks. IoT malware may stop vehicles, disconnect the electricity and even halt production lines. Such programs can do much more harm, and therefore hackers may demand much larger ransom amounts. This increases the attractiveness of the new underground market.

One could argue that IoT hacking can be stopped with a simple reboot. However, the incentive to pay extortionists does not result from irreversibility but rather from the volume and character of potential losses which may occur during the time you lose control over the system.

While the Internet of Things expands the possibilities of life-supporting devices like pacemakers or industrial systems such as pumping stations, the financial benefits of blocking IoT infrastructure and the damage from belated response will grow exponentially. Organizations that use the Internet of Things in industrial control systems are the most vulnerable. These include power plants, big automated production lines, etc.

Consumer IoT devices

Attacks on consumer IoT devices, including smart homes and connected cars, are already real. Researchers have shown how they can gain control of a connected thermostat through the use of malicious code and set the device to increase the temperature to the maximum, causing the owner to pay a ransom.

Let’s imagine you got into a connected car this morning and suddenly there is a message on the screen: “If you pay $500, I’ll let you get to work today.” It was impossible several years ago, but due to technological progress, such a scenario does not look fantastic anymore.

Furthermore, IoT ransomware may steal important data and personal information, for example, from surveillance cameras connected to the network or from fitness gadgets and then blackmail people, threatening to publish their sensitive information.

Despite the fact that IoT devices often have serious security weaknesses, it is still premature to talk about the imminent ransomware threat for smart homes and connected cars. The wide variety of apps and devices created by thousands of manufacturers complicates extensive malware usage.

The IoT industry is highly fragmented these days. It lacks standardized approaches, common platforms and communication systems. It is tough to carry out mass attacks. Every time a compromise occurs, hackers only target a specific type of device, which reduces the number of potential victims.

We can conclude that hackers’ benefits from attacking consumer IoT devices are currently small. But the situation is likely to change in the future as the Internet of Things penetrates deeper into our homes and offices.

Industrial segment already facing high risks

We see an entirely different picture in the industrial segment of the Internet of Things. Industrial systems are already very attractive for cyber extortionists. This could be any relevant system that may affect the lives of thousands or millions of people and is extremely expensive to operate.

For example, several US hospitals have undergone a series of ransomware attacks recently. The normal workflow of the Hollywood Presbyterian Hospital was disrupted because of ransomware. Some patients had to be moved to other clinics, and doctors started to keep records the old-fashioned way, on paper.

If a hospital system is compromised, it puts the health of patients at risk. The likelihood is very high that the hospital will pay upon demand. An attack against critical infrastructure can be carried out successfully based on similar factors – if lives of people might be put in danger and time is pressing, the owners would often agree to pay up.

Power grids and power stations can be another important target for IoT malware. Their important role in the modern world was perfectly illustrated as far back as the Northeast blackout of 2003. It caused $6 billion in losses within several hours, affecting 55 million people. It wasn’t a cyber attack but a software failure. Today, hackers constantly scan the Internet for important and vulnerable networks, so energy companies should be prepared.

How to protect IoT systems from ransomware

Although there is no universal solution, many experts believe that the observance of certain guidelines and methodologies can help organizations and manufacturers better protect their IoT systems from ransomware.

One of the important points is the ability to remotely upgrade the firmware of smart devices. Safety is a journey, not a destination, and there are no connected devices that can stay safe forever. Therefore, a firmware update should be a very simple, effective and safe process.

The latter is particularly important since insecure update channels can become portals for the infection to come in. There are time-tested measures to eliminate this malware entry point, such as blocking the processor and firmware, as well as encrypting communication channels between devices.
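An added example (not from the original article) of the device-side checks that keep an update channel from becoming an infection entry point: authenticate the update manifest, bind the image to it by hash, and refuse rollbacks. HMAC with a shared key stands in for a vendor signature so the sketch runs with the Python standard library alone; the function names, manifest fields and key are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real device would hold a vendor public key instead.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def make_update(image: bytes, version: int, key: bytes = DEVICE_KEY) -> dict:
    """Vendor side: build a manifest for the image and authenticate it."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest(),
         "size": len(image)},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "image": image}


def verify_update(update: dict, installed_version: int,
                  key: bytes = DEVICE_KEY) -> tuple[bool, str]:
    """Device side: decide whether an update may be flashed."""
    # 1. Authenticate the manifest bytes before parsing or trusting any field.
    expected = hmac.new(key, update["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, update["tag"]):
        return False, "manifest authentication failed"
    manifest = json.loads(update["manifest"])
    # 2. Bind the image to the authenticated manifest.
    image = update["image"]
    if len(image) != manifest["size"]:
        return False, "image size mismatch"
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "image digest mismatch"
    # 3. Refuse rollback to an older, possibly vulnerable release.
    if manifest["version"] <= installed_version:
        return False, "rollback or replay rejected"
    return True, "ok"


if __name__ == "__main__":
    good = make_update(b"firmware v8 (constructed bytes)", version=8)
    print(verify_update(good, installed_version=7))
    tampered = dict(good, image=good["image"] + b"\x00implant")
    print(verify_update(tampered, installed_version=7))
    print(verify_update(good, installed_version=8))
```

The order matters: nothing in the manifest is parsed or acted on until its authentication tag has been checked, and the version check stops a correctly authenticated but outdated image from being replayed.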

A reliable authentication mechanism poses another important protection measure. You may encounter situations these days when devices are connected to the Internet without any authentication at all.

This paves the way for spoofing. If lack of authentication becomes a mass phenomenon, it will be possible to disable millions of devices. Spoofing is particularly dangerous when a server with millions of connected machines is infected.

To make intruders’ lives much harder, it is necessary to introduce reliable security certificate life-cycle management and standardize the code base of security systems. This will help reduce the number of attack vectors.

Of course, securing the Internet of Things remains an arduous task as the industry is only groping its way. Currently, online criminals are only beginning to weigh the risks and assess the opportunities and potential profitability of the new market.

Meanwhile, manufacturers and users are not too concerned about the possible threat. Perhaps this will change quickly after the first successful incidents of rogue monetization of IoT vulnerabilities. Hopefully, we will have time to prepare.
