IoT Insider Newsletter | December 2024 Edition

Welcome to the December 2024 edition of IoT Insider, your go-to source for the latest news and trends in the world of Internet of Things. In this edition, we bring you a curated selection of news and regulations to keep you informed and empowered in the digital age.


1. Cyber Threats on the Rise | Protect Your Digital Fortress!

As technology advances, so do the risks. We highlight the latest cyber threats making headlines, from sophisticated ransomware attacks to data breaches affecting millions.

  • Germany's Federal Office for Information Security (BSI) has disrupted the BadBox malware operation, which was pre-loaded on up to 30,000 Android-based IoT devices sold in the country. The case highlights the dangers of compromised supply chains and lax security practices. According to BSI, the malware can steal two-factor authentication codes, install further malware, and create email and messaging accounts to spread fake news. It also commits ad fraud by loading and clicking ads in the background, generating revenue for fraud rings. Finally, BadBox can act as a proxy, letting third parties route their own traffic through the device's internet connection and hardware. This tactic, known as residential proxying, is often used for illegal activity that then appears to come from the victim's IP address. BSI cut the infected devices off from their command and control (C2) infrastructure by sinkholing DNS: the C2 domains now resolve to BSI-controlled sinkhole servers instead of the attackers' servers, and the sinkholed queries reveal which devices are infected. A sinkhole blocks the channel but does not remove an implant that ships inside the firmware, which is why BSI advised owners to disconnect affected devices. Prevention starts with strict security standards throughout the supply chain, from OEMs to distributors. Companies must test devices for malware and unauthorized software before shipping them to consumers, and security should extend beyond the hardware to strong code signing and verified firmware updates. Users should buy devices from trusted sources, install software updates promptly during initial setup and, where feasible, use antivirus solutions. Neglecting these measures leaves users exposed to malware embedded in their devices, which can lead to fraud, identity theft, and data breaches, often occurring long before users. The forthcoming Cyber Resilience Act (CRA) aims to mitigate such risks by introducing stronger regulatory protections.
  • The Iranian threat group CyberAv3ngers has used custom-built malware named IOCONTROL to target IoT and OT devices in the US and Israel. Recent reports attribute the campaign to Iranian government-backed operators working under the "CyberAv3ngers" persona, and the targets include water utility control systems and programmable logic controllers (PLCs). The targeted PLCs were exposed to the internet with weak security, such as default passwords, which made compromise straightforward. IOCONTROL is built on a generic IoT/OT malware framework for embedded Linux devices, and the attackers compiled separate builds for each type of targeted system. The campaign combines open-source tooling with exploitation of vulnerabilities in connected devices to disrupt or infiltrate critical infrastructure. Cyber security experts and U.S. authorities warn that such attacks, even when the attackers exaggerate their impact for psychological effect, highlight the real risk of insufficiently secured OT and IoT deployments. The defensive lesson does not depend on attribution: inventory every controller, take it off the public internet and replace default credentials before worrying about the custom malware.
  • The Matrix botnet has surfaced as a significant threat, exploiting vulnerabilities and misconfigurations in IoT devices to run a widespread distributed denial-of-service (DDoS) campaign. The botnet recruits compromised devices such as IP cameras, DVRs and routers, typically by way of Telnet and SSH services that are exposed with weak or default credentials. The operator relies on publicly available tools, including scripts from GitHub, and reportedly sells DDoS-for-hire through Telegram. The simplicity of the attack shows how weak credentials and outdated firmware leave IoT systems highly vulnerable. The evidence suggests a single actor, probably of Russian origin, with script-kiddie level skills. Attacks have mainly targeted IP addresses in China and Japan, and to a lesser extent Argentina, Australia, Brazil, Egypt, India and the U.S.; the absence of Ukraine from the victimology suggests the motivation is financial rather than political. Basic measures such as changing default credentials, securing management interfaces and applying firmware updates prevent this kind of compromise. As IoT devices increasingly connect critical infrastructure (think Industry 4.0 and IIoT use cases), securing them is imperative against both opportunistic and targeted attacks.
  • IoT cloud cracked by the "Open Sesame" over-the-air attack. At Black Hat Europe 2024, researchers demonstrated how to compromise Ruijie Reyee access points without Wi-Fi credentials or physical access to the device. The attack abuses the vendor's cloud management channel: by exploiting weaknesses in the cloud-based over-the-air update and command path, the researchers bypassed authentication, manipulated firmware and executed commands on the device. The case underlines the need for robust firmware security, a secure update mechanism that verifies what it installs, and strong authentication between devices and their cloud backend, and it is a stark warning for organizations that depend on cloud-managed IoT devices.
  • Check Point Research (cp<r>) has spotlighted AndroxGh0st as the leading malware threat, targeting IoT devices and critical infrastructure on an unprecedented scale. Now integrated with the Mozi botnet, AndroxGh0st exploits unpatched vulnerabilities to infiltrate energy grids, transportation networks and healthcare systems. The malware combines remote code execution with credential theft, enabling distributed denial-of-service (DDoS) attacks and data exfiltration. The reach of the combined botnet raises the risk for industries that depend on vulnerable IoT ecosystems; disrupting these systems can cause widespread outages, financial losses and threats to public safety. Key takeaways:

  1. IoT devices are often "abandoned" after deployment. Manufacturers focus on selling new devices and leave older ones without security updates. These orphaned devices become ticking time bombs in critical infrastructure, factories and hospitals.
  2. Attackers innovate faster than defences. AndroxGh0st is not just exploiting weaknesses; it uses them to spread new tools across networks, infecting not only IoT devices but the whole ecosystem they are connected to.
  3. Shadow IoT assets and poorly documented OT systems create blind spots in networks.
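DNS sinkholing, the technique BSI used against BadBox above, is simple enough to show in code. The following Go program is an added example written for this newsletter, not BSI's or any vendor's tooling: a resolver that answers queries for blocked zones (and all their subdomains) with a sinkhole address, forwards everything else upstream, and records which client asked, which is how a sinkhole operator learns which devices are infected. The zone names, client addresses and the upstream resolver are constructed placeholders and have nothing to do with the real BadBox infrastructure.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// SinkholeAddr is the address every blocked name resolves to.
// 192.0.2.1 is from the RFC 5737 documentation range: a placeholder, not a real sinkhole.
var SinkholeAddr = net.ParseIP("192.0.2.1")

// Hit records one query for a blocked name: who asked, and for what.
type Hit struct {
	Client net.IP
	Name   string
}

// Sinkhole answers queries for blocked zones (and all their subdomains) itself
// and forwards everything else to an upstream resolver.
type Sinkhole struct {
	zones map[string]bool
	Hits  []Hit
}

func NewSinkhole(zones []string) *Sinkhole {
	s := &Sinkhole{zones: map[string]bool{}}
	for _, z := range zones {
		s.zones[normalize(z)] = true
	}
	return s
}

// normalize lower-cases a name and drops the trailing dot of a fully qualified name.
func normalize(name string) string {
	return strings.TrimSuffix(strings.ToLower(name), ".")
}

// Blocked reports whether name, or any parent domain of it, is a sinkholed zone.
// Matching walks label by label, so "notc2-example.invalid" does not match "c2-example.invalid".
func (s *Sinkhole) Blocked(name string) bool {
	n := normalize(name)
	for {
		if s.zones[n] {
			return true
		}
		i := strings.Index(n, ".")
		if i < 0 {
			return false
		}
		n = n[i+1:]
	}
}

// Resolve answers one query. Blocked names are logged and get the sinkhole address;
// everything else is forwarded to upstream unchanged.
func (s *Sinkhole) Resolve(client net.IP, name string, upstream func(string) (net.IP, error)) (net.IP, error) {
	if s.Blocked(name) {
		s.Hits = append(s.Hits, Hit{Client: client, Name: normalize(name)})
		return SinkholeAddr, nil
	}
	return upstream(name)
}

// InfectedClients lists the distinct clients that asked for a blocked name.
// On a corporate resolver this is the list of devices to pull off the network.
func (s *Sinkhole) InfectedClients() []string {
	seen := map[string]bool{}
	var out []string
	for _, h := range s.Hits {
		k := h.Client.String()
		if !seen[k] {
			seen[k] = true
			out = append(out, k)
		}
	}
	return out
}

func main() {
	// Constructed, hypothetical C2 zones; not the real BadBox infrastructure.
	sh := NewSinkhole([]string{"c2-example.invalid", "update-example.invalid"})
	// Stand-in for a real recursive resolver (RFC 5737 address).
	upstream := func(string) (net.IP, error) { return net.ParseIP("198.51.100.10"), nil }

	queries := []struct{ client, name string }{
		{"10.0.0.5", "api.c2-example.invalid."},
		{"10.0.0.7", "www.example.com"},
		{"10.0.0.5", "update-example.invalid"},
		{"10.0.0.9", "beacon.UPDATE-example.invalid"},
		{"10.0.0.7", "notc2-example.invalid"},
	}
	for _, q := range queries {
		ip, _ := sh.Resolve(net.ParseIP(q.client), q.name, upstream)
		fmt.Printf("%-10s %-32s -> %s\n", q.client, q.name, ip)
	}
	fmt.Println("devices that contacted sinkholed zones:", sh.InfectedClients())
}
```

The same logic applied on an internal resolver (a response policy zone on BIND or Unbound does exactly this) turns a threat-intelligence list of C2 domains into both a block and a detection: the hit log is the inventory of devices that need to be disconnected and reflashed, since the sinkhole only severs the channel.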
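The "verified firmware updates" the BadBox item above calls for and the secure update mechanism the Ruijie Reyee "Open Sesame" item above calls for come down to the same device-side check. This Go program is an added example, not vendor code from either case: the build pipeline signs a manifest containing the image hash and a monotonic version with an Ed25519 key, and the device verifies the signature, the anti-rollback version and the image hash before writing anything to flash. The manifest layout and the key handling are hypothetical; a real OTA format will differ.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the signed metadata shipped next to a firmware image.
// Hypothetical layout for this example; a vendor's real OTA format will differ.
type Manifest struct {
	Version   uint32   // monotonic counter used for anti-rollback
	ImageHash [32]byte // SHA-256 of the image bytes
	Signature []byte   // Ed25519 signature over Version || ImageHash
}

// signedBytes is the exact byte string the signature covers.
func (m *Manifest) signedBytes() []byte {
	buf := make([]byte, 4+len(m.ImageHash))
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// Sign is the vendor side: run in the build pipeline with the offline signing key.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrRollback     = errors.New("manifest version not newer than installed version")
	ErrHashMismatch = errors.New("image hash does not match manifest")
)

// Verify is the device side, run before anything is written to flash.
// pub is the vendor key burned into the device; installed is the version
// from a write-protected counter. The signature is checked first so that an
// unsigned manifest can never influence the later decisions.
func Verify(pub ed25519.PublicKey, installed uint32, m Manifest, image []byte) error {
	if !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	if m.Version <= installed {
		return ErrRollback
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the vendor key pair
	image := []byte("constructed firmware image v2")
	v2 := Sign(priv, 2, image)

	fmt.Println("genuine v2 onto device at v1:", Verify(pub, 1, v2, image))
	fmt.Println("replayed v2 onto device at v2:", Verify(pub, 2, v2, image))

	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff // one flipped byte, e.g. an implant added in transit
	fmt.Println("tampered image, genuine manifest:", Verify(pub, 1, v2, tampered))

	_, rogue, _ := ed25519.GenerateKey(rand.Reader) // attacker's own key
	fmt.Println("image signed by a rogue key:", Verify(pub, 1, Sign(rogue, 3, image), image))
}
```

Two design points matter more than the cryptography: the version is inside the signed data, so an attacker holding an old but genuinely signed image cannot downgrade a device to a vulnerable release, and the public key lives on the device rather than being fetched from the cloud, so a compromised update server or management channel cannot simply hand the device a new "trusted" key.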


2. Global Cyber Security Regulations | Navigating the Compliance Maze

Governments worldwide are tightening their grip on cyber security regulations. Stay updated on the latest compliance requirements, privacy laws, and data protection regulations that can impact businesses and individuals alike. We decode complex jargon and provide practical insights to help you navigate the compliance maze effortlessly.

  • On 2 December 2024, the Council of the EU gave its final approval to the Cyber Solidarity Act, a significant effort to enhance the collective cyber security resilience of EU member states. It introduces three core pillars: the European Cybersecurity Shield, the Cybersecurity Emergency Mechanism, and the Cybersecurity Incident Review Mechanism.

  1. European Cybersecurity Shield: This initiative establishes a network of National and Cross-border Security Operations Centres (SOCs) to bolster cyber threat detection, response, and information sharing. Powered by advanced AI and data analytics, the shield also integrates a European Cybersecurity Alert System, which enhances real-time incident awareness across member states.
  2. Cybersecurity Emergency Mechanism: To ensure rapid and coordinated incident response, this mechanism includes an EU Cybersecurity Reserve of expert response teams ready to assist in large-scale cyber incidents. It also mandates stress testing for critical sectors like healthcare, energy, and transportation to identify vulnerabilities.
  3. Incident Review Mechanism: This focuses on learning from incidents by systematically analyzing response effectiveness to strengthen future preparedness.

The Act is closely aligned with other EU cyber security laws, such as NIS2 and the Cyber Resilience Act, ensuring a cohesive framework across the bloc. Its emphasis on collaboration and innovation positions the EU to better counter cyber threats, especially as attacks increasingly target critical infrastructure.

  • The NIST report "The IoT of Things" underscores the growing complexity and interconnectedness of IoT ecosystems, where devices, networks and cloud services combine to deliver new functionality but also amplify security risk. It highlights the importance of addressing weak authentication, missing patching processes and insecure communication channels, and the challenge of managing IoT at scale, where diverse devices with different lifecycles must coexist securely. The report offers actionable frameworks for stakeholders, promoting standards-based risk management, transparency about device capabilities and greater accountability across the IoT supply chain. Why it matters: security is vital to the reliability, safety and trustworthiness of these devices and networks, and a weakness in any link of the IoT ecosystem can cascade into breaches, data theft or operational failures in critical systems. Implementing the NIST recommendations, such as secure software development, device labelling for transparency and regular risk assessments, reduces exposure. By embedding security at every stage, from design to deployment, organizations protect their IoT deployments, strengthen user trust and improve the resilience of connected ecosystems.


3. Industry Spotlight | Cutting-Edge Innovations in Cyber Defence

Discover groundbreaking advancements and innovative technologies in the world of cyber defence. From artificial intelligence and machine learning to blockchain and quantum computing, we explore how these game-changing technologies are revolutionizing the fight against cyber threats. Get inspired by success stories and learn how to implement these solutions in your own digital ecosystem.

December’s topic: When IoT and Cloud turn into Toxic Combinations

IoT and the cloud become a dangerous cocktail of risk when misconfigurations meet overprivileged access and insecure design. Picture a cloud-based virtual machine with exploitable vulnerabilities, exposed to the internet, and holding overprivileged credentials that reach deeper into the cloud account or into on-premises networks: that machine is a bridge for attackers into the cloud or your network. Now amplify the threat with IoT devices, such as cheap cameras or sensors, that offer cloud connectivity by default. These devices become invisible conduits of risk, syncing to poorly configured cloud storage that leaks data, or pulling firmware updates from a compromised source. A single exploited cloud-connected IoT device can become an entry point for attackers and a launch pad for botnets, data breaches and supply chain havoc. As more OEMs bake insecure cloud dependencies into their IoT products, the potential for unseen exploitation scales dramatically, endangering businesses and consumers alike.
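A concrete check for the "overprivileged access" and "poorly configured cloud storage" this paragraph warns about. The Go program below is an added example, not code from the Check Point post linked underneath: it parses AWS-style IAM policy JSON (only the fields the check needs) and flags Allow statements that grant wildcard actions on wildcard resources, or that grant anything to Principal "*". The two policies are constructed samples: an instance role of the kind a camera gateway VM might carry, and a bucket policy on the storage the cameras sync to.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Statement holds the subset of an IAM policy statement that this check reads.
// Action, Resource and Principal may each be a string or a list in real policies,
// so they are kept raw and decoded loosely below.
type Statement struct {
	Effect    string          `json:"Effect"`
	Action    json.RawMessage `json:"Action"`
	Resource  json.RawMessage `json:"Resource"`
	Principal json.RawMessage `json:"Principal"`
}

type Policy struct {
	Statement []Statement `json:"Statement"`
}

// asList accepts either "x" or ["x","y"]; an absent field yields nil.
func asList(raw json.RawMessage) []string {
	var one string
	if json.Unmarshal(raw, &one) == nil {
		return []string{one}
	}
	var many []string
	if json.Unmarshal(raw, &many) == nil {
		return many
	}
	return nil
}

// wildcard reports whether any value is "*" or, when serviceStar is set, "<service>:*".
func wildcard(vals []string, serviceStar bool) bool {
	for _, v := range vals {
		if v == "*" || (serviceStar && strings.HasSuffix(v, ":*")) {
			return true
		}
	}
	return false
}

// publicPrincipal is true for "Principal": "*" and "Principal": {"AWS": "*"}.
func publicPrincipal(raw json.RawMessage) bool {
	if len(raw) == 0 {
		return false
	}
	var s string
	if json.Unmarshal(raw, &s) == nil {
		return s == "*"
	}
	var m map[string]json.RawMessage
	if json.Unmarshal(raw, &m) == nil {
		return wildcard(asList(m["AWS"]), false)
	}
	return false
}

// Findings returns one line per Allow statement that is admin-equivalent or world-accessible.
func Findings(policyJSON string) ([]string, error) {
	var p Policy
	if err := json.Unmarshal([]byte(policyJSON), &p); err != nil {
		return nil, err
	}
	var out []string
	for i, st := range p.Statement {
		if st.Effect != "Allow" {
			continue
		}
		actions, resources := asList(st.Action), asList(st.Resource)
		if wildcard(actions, true) && wildcard(resources, false) {
			out = append(out, fmt.Sprintf("statement %d: %v on %v is admin-equivalent; scope to the actions and ARNs the device actually needs", i, actions, resources))
		}
		if publicPrincipal(st.Principal) {
			out = append(out, fmt.Sprintf("statement %d: Principal \"*\" lets anyone on the internet call %v", i, actions))
		}
	}
	return out, nil
}

// Constructed sample policies, not taken from any real account.
const instanceRole = `{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::camera-uploads/*"},
  {"Effect": "Allow", "Action": "*", "Resource": "*"}
]}`

const bucketPolicy = `{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::camera-uploads/*"}
]}`

func main() {
	for name, doc := range map[string]string{"instance role": instanceRole, "bucket policy": bucketPolicy} {
		f, err := Findings(doc)
		if err != nil {
			fmt.Println(name, "parse error:", err)
			continue
		}
		fmt.Printf("%s: %d finding(s)\n", name, len(f))
		for _, line := range f {
			fmt.Println("  -", line)
		}
	}
}
```

The first statement of the instance role (put objects into one bucket) is what the camera gateway actually needs and produces no finding; the second is the "bridge deeper into the cloud account" from the paragraph. The bucket policy is the leaking storage: a wildcard principal on GetObject makes every synced image public. Running a check like this in CI on every policy change catches both before they reach production.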

Want to know more? Read the full post at https://blog.checkpoint.com/security/config-chaos-how-iot-and-cloud-misconfigurations-undermine-security/


4. Expert Interviews | Insights from Cyber security Gurus

Gain exclusive access to interviews with industry experts, thought leaders, and cyber security gurus. Uncover their strategies, predictions, and best practices to protect yourself, your organization, and your loved ones from the ever-evolving cyber landscape. Stay updated on emerging trends, emerging threats, and expert tips to stay cyber resilient.

This month I want to highlight the IoT For All podcast episode "Taking IoT Security Seriously" with Kyndryl's Paul Savill.

The episode discusses key challenges and strategies in securing IoT ecosystems. Savill highlights the security gaps created by outdated infrastructure, stresses the importance of robust security policies, and advises businesses to stay ahead of emerging threats through continuous training. The discussion also covers bridging the IT/OT divide, improving organizational security posture, and deciding when to build an in-house security team. For more, listen to the full episode.

An interesting takeaway: "Lessons learned could be shared more effectively to optimize the complete OT realm." According to the Kyndryl readiness report, 44% of hardware in the OT realm is outdated. That raises the question of how to secure those legacy assets. To keep systems that cannot be patched from being exploitable, compensating controls such as an IPS in front of them or a data diode for one-way data flows may be the answer. A layered defence, including network segmentation and in-depth monitoring, isolates older, unpatched systems from threats and makes them far harder to exploit without requiring full system updates.


5. Cyber security Awareness Corner | Empowering You with Knowledge

Knowledge is power! Our cyber security awareness corner equips you with practical tips, best practices, and actionable advice to enhance your online safety. Learn how to spot phishing attempts, secure your passwords, protect your personal information, and stay safe in the digital world. Be the cyber security champion your friends envy!

We hope you find this edition of The IoT Insider both informative and engaging.

Wishing you all a Merry Christmas and a Happy New Year! May your holiday season be filled with joy, peace, and secure IoT connections. Remember: just like you wouldn't leave the front door wide open for a Grinch to slip in, make sure your IoT devices are password-protected and regularly updated. Whether it's your smart speakers or connected coffee maker, secure it all!

Stay secure, stay informed, and stay one step ahead!


#iotspartan


More articles by Antoinette Hodes