Padlock icon on circuit chip showing how botnet Dark Nexus is threatening IoT security

Security Has Become an Arms Race

With COVID-19 (coronavirus) forcing almost all non-essential workers to halt travel and work from home full-time, our dependency on connected devices has never been so high. Even after the global health crisis passes, it is likely that this trend of increased digital dependency will continue in the wake of COVID-19, thrusting us into a “new normal,” where remote connectivity is more deeply integrated into our daily lives than ever before. In this “new normal,” not only will we be surrounded by more connected devices than ever before, but these devices will be increasingly sophisticated with higher levels of functionality.

To keep pace with malicious cyber innovations and to stay one step ahead of hackers, we need cybersecurity solutions that can detect attacks, prevent attack persistency, enable quick recovery, and collect forensic data to continuously enrich and improve defenses and stay ahead of new attacks to prevent catastrophe in the future.

Already, there are new malware threats that are preying on society’s new practices of intense remote connectivity. dark_nexus (Dark Nexus) is one grave example of a rapidly evolving and sophisticated botnet that’s threatening the integrity of the Internet of Things (IoT). By using known credentials and then installing itself on compromised connected devices, Dark Nexus acts as a bot to stage Distributed Denial-of-Service (DDoS) attacks. Built on the foundations of the Mirai botnet and the Qbot, it proves that botnet operators are continuously evolving their tactics and finding new ways to exploit a variety of vulnerabilities in poorly secured IoT devices.

Dark Nexus can affect a wide variety of IoT devices—the list of compromised devices already includes router models, video recorders, and thermal cameras—and it’s also likely that Dark Nexus will morph and continue to attack different kinds of devices. Once installed on IoT devices, there is myriad nefarious activities that Dark Nexus can execute. For instance, the malware can also propagate and infect more devices or networks from other companies to make the botnet army grow.

The most interesting targets for Dark Nexus are IoT devices that exist in industrial settings, like utilities routers, smart meters, and industrial controllers. If successful, an attack on these devices has the potential to compromise the infrastructures of entire states or even countries. For example, consider if Dark Nexus compromised a state’s electric grid and seized control of the smart meters. Just by manipulating the smart meters to run either too slowly or too quickly, Dark Nexus can incite chaos, as this would overrun the energy company’s customer service and erode the public’s trust of the company and, thus, their willingness to pay. In this scenario, Dark Nexus is able to indirectly sow chaos across a state—even with just a simple act.

This dependence on connected devices will be particularly evident in a post COVID-19 world, where IoT will be integrated into our daily lives as it never has before. Of course, increased connectivity is advantageous to society, delivering new levels of efficiency, productivity, and innovation; however, increased connectivity also increases the attack surface area—and its value to would-be attackers.

Thus, the key to a strong defense against hackers is preparation. We must assume not only that every IoT device has vulnerabilities, but that these vulnerabilities will be more and more frequently targeted in attempted attacks. So, we must consider: What can companies do now to safeguard their devices against the oncoming attacks of a hyper-connected world?

First, companies must be aware of their IoT assets and understand what risks are associated with these devices. They also need to determine adequate security measures that can both detect and prevent future attacks.

In addition to preventing malicious attacks, a security solution must also omnipresently detect any attempted attacks. For example, should Dark Nexus attempt to install itself on an IoT device, companies should have a robust security solution in place with a secure operating system that will be immediately notified of the intended threat at the moment it is happening, allowing them to immediately enact their prepared defense procedures. The security solution should also determine whether the attack was just targeting select devices or was aiming to attack others in the network. And when it comes to safeguarding one’s company, successfully detecting an attempted attack is just as important as deflecting it, as it is this knowledge that enables a company to immediately begin collecting forensic evidence—crucial data if one intends to seek financial compensation for the damages incurred.

Security has become something of an arms race: Just as the attackers continue to improve and develop better tools, so, too, do the defenders. But in order to continuing developing a robust defense, companies need data, e.g. ‘How did the attack take place?’ ‘What happened during the attack?’ That’s why it is so crucial to have a security solution that can start collecting the data and the evidence immediately to empower companies to protect themselves against hackers.

Increased remote connectivity in COVID-19 world has increased the attack surface area for #IoT devices. #cybersecurity #respectdata Click to Tweet

The more sophisticated, critical, and sensitive devices are, the more attractive they are to hackers and the more susceptible they are to attacks. And with COVID-19 having plunged us more deeply than ever before into a world of connectivity, it greatly behooves companies to act now to increase their preventative security measures and their visibility on their networks. Even in the midst of the crisis, we need to prepare for the day after this is all over in order to fortify our infrastructures to withstand the new normal of complete digital dependency.

 

VP Business Development at NanoLock Security
IoT Security Product Manager at KPN Security