IoT Insider Newsletter | February 2025 Edition
Monthly IoT newsletter

Welcome to the February 2025 edition of IoT Insider, your go-to source for the latest news and trends in the world of Internet of Things. In this edition, we bring you a curated selection of news and regulations to keep you informed and empowered in the digital age.


1. Cyber Threats on the Rise | Protect Your Digital Fortress!

As technology advances, so do the risks. We highlight the latest cyber threats making headlines, from sophisticated ransomware attacks to data breaches affecting millions.

  • At the Pwn2Own Automotive 2025 hacking contest in Tokyo, security researchers successfully compromised Tesla's Wall Connector electric vehicle (EV) charger multiple times. The PHP Hooligans team exploited a zero-day vulnerability described as a "numeric range comparison without minimum check" to take control of the charger, earning them $50,000 and five Master of Pwn points. Following this, the Synacktiv team also breached the Tesla EV charger through the charging connector, marking the first public demonstration of such an approach. These events underscore the critical importance of Zero Tolerance security controls in EV infrastructure, as vulnerabilities in charging systems can pose significant risks to both vehicle safety and the broader power grid. The Pwn2Own contest continues to highlight these issues, incentivizing researchers to identify and address potential weaknesses before they can be exploited maliciously.
  • 13,000+ MikroTik Routers Hijacked! A staggering 13,000 MikroTik routers have been taken over in a massive hacking campaign, turning them into pawns in a broader malicious scheme. "This activity leverages misconfigured DNS records to bypass email protection techniques," explained David Brunsdon, a security researcher at Infoblox, in a technical report published last week. "The botnet utilizes a global network of MikroTik routers to distribute malicious emails that are crafted to appear as if they originate from legitimate domains." The DNS security company, which named the campaign "Mikro Typo," discovered it after spotting a spam email attack in late November 2024. The emails used fake freight invoices to trick people into opening a ZIP file. The ZIP file contained a hidden JavaScript file, which ran a PowerShell script to connect to a command-and-control (C2) server at IP address 62.133.60[.]137. Once compromised, the routers had scripts installed to enable SOCKS (Secure Sockets), which turns the devices into proxies. This setup masks the origin of malicious traffic, making it hard to trace back to the attackers. Adding to the danger, these proxies don’t require authentication, meaning other hackers could misuse them for attacks like DDoS or phishing campaigns. The spam email campaign also takes advantage of incorrect DNS settings in 20,000 domains, letting the attackers send emails that look like they’re from those domains and bypass email security checks. Resource: link
  • The notorious Mirai botnet continues to evolve. First we saw the Murdoc Botnet, a Mirai-based botnet targeting AVTech cameras and Huawei HG532 routers, leveraging vulnerabilities like CVE-2024-7029 and CVE-2017-17215. With over 1,300 active IPs and targeting countries like Malaysia, Thailand, and Mexico, it's spreading across the globe. Researchers from Qualys point to its deployment techniques using ELF files and shell script execution. The researchers uncovered an active Mirai-based operation known as "Murdoc_Botnet," which started in July and currently involves over 1,300 active IPs. This campaign is specifically targeting Avtech cameras and Huawei HG532 routers. The Murdoc Botnet is a well-known malware that attacks *nix systems, especially weak AVTECH and Huawei devices. It uses existing vulnerabilities (CVE-2024-7029, CVE-2017-17215) to download the next-stage payloads. Resource: link
  • And yet another variant was spotted: a Mirai and Bashlite-derived one (aka Gafgyt and Lizkebab) was observed by Trend Micro. This variant is infecting IoT assets by actively exploiting remote code execution (RCE) vulnerabilities and weak initial passwords. A disturbing side effect: The malware disables the watchdog timer, ensuring the device doesn’t restart even when experiencing high loads during DDoS attacks. This tactic has been seen before in variants of Mirai malware. Furthermore, the malware exploits the Linux iptables command to delay detection of the infection and to manipulate packets used in DDoS attacks. The attacks span across Asia, North America, South America, and Europe. When counting unique IP address strings (including specified IP ranges), the targets are mainly concentrated in North America and Europe, with the United States, Bahrain, Spain and Poland. Resource: link
  • Recent research has uncovered vulnerabilities in four tunneling protocols, leading to the hijacking of approximately 4.2 million internet hosts, including VPN servers and both home and enterprise routers. Attackers exploit these flaws to use compromised devices as one-way proxies, facilitating various anonymous attacks such as denial-of-service (DoS), DNS spoofing, TCP hijacking, SYN floods, and Wi-Fi intrusions. The majority of these incidents have been reported in Brazil, China, France, Japan, and the United States. This situation highlights the critical need for robust security measures in tunneling protocols and hardening of the edge devices. Organizations should ensure that tunneled traffic is accepted only from trusted endpoints, implement proper source validation, apply vendor patches promptly, and enforce strict firewall rules. Regularly hardening tunneling configurations and verifying authentication checks are essential steps to mitigate the risk of such attacks. Resource: link
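
The source validation recommended in the last item above, as an added example (not code from the newsletter or the research it cites): a C check that accepts tunnel-encapsulated IPv4 packets only from an allowlisted peer. The protocol numbers, the peer addresses and the sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* IANA protocol numbers for stateless tunnels (assumed; the page names none). */
enum { PROTO_IPIP = 4, PROTO_IPV6_ENCAP = 41, PROTO_GRE = 47 };
enum verdict { NOT_TUNNEL, ACCEPT_TUNNEL, DROP_UNTRUSTED, DROP_MALFORMED };

/* Hypothetical allowlist of tunnel peers (documentation-range addresses). */
static const uint8_t trusted_peers[][4] = { {192, 0, 2, 10}, {198, 51, 100, 7} };

/* Constructed samples: 20-byte IPv4 header plus 4 bytes of inner data. */
static const uint8_t pkt_gre_trusted[] = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, 47, 0, 0,
    192, 0, 2, 10, 203, 0, 113, 1, 0, 0, 0x08, 0x00 };
static const uint8_t pkt_ipip_unknown[] = { 0x45, 0, 0, 24, 0, 0, 0, 0, 64, 4, 0, 0,
    203, 0, 113, 99, 203, 0, 113, 1, 0x45, 0, 0, 20 };

static int peer_is_trusted(const uint8_t *src)
{
    for (size_t i = 0; i < sizeof trusted_peers / sizeof trusted_peers[0]; i++)
        if (memcmp(src, trusted_peers[i], 4) == 0)
            return 1;
    return 0;
}

/* Classify a received IPv4 packet by its outer header only. */
enum verdict check_outer_header(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* header length in bytes */
    if (ihl < 20 || ihl > len)                      /* check both bounds */
        return DROP_MALFORMED;
    uint8_t proto = pkt[9];
    if (proto != PROTO_IPIP && proto != PROTO_IPV6_ENCAP && proto != PROTO_GRE)
        return NOT_TUNNEL;                          /* leave to normal rules */
    if (len == ihl)                                 /* tunnel with no inner packet */
        return DROP_MALFORMED;
    return peer_is_trusted(pkt + 12) ? ACCEPT_TUNNEL : DROP_UNTRUSTED;
}

int main(void)
{
    int ok = check_outer_header(pkt_gre_trusted, sizeof pkt_gre_trusted) == ACCEPT_TUNNEL
          && check_outer_header(pkt_ipip_unknown, sizeof pkt_ipip_unknown) == DROP_UNTRUSTED;
    puts(ok ? "verdicts as expected" : "unexpected verdict");
    return ok ? 0 : 1;
}
```

Because an outer source address can be spoofed, an allowlist like this complements an authenticated tunnel (for example IPsec) rather than replacing it.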


2. Global Cyber security Regulations | Navigating the Compliance Maze

Governments worldwide are tightening their grip on cyber security regulations. Stay updated on the latest compliance requirements, privacy laws, and data protection regulations that can impact businesses and individuals alike. We decode complex jargon and provide practical insights to help you navigate the compliance maze effortlessly.

  • The Digital Operational Resilience Act (DORA) is a key regulatory framework aimed at ensuring financial entities in the EU, think of banks, credit institutions, and investment firms, can withstand and respond to digital disruptions. Effective January 17, 2025, DORA mandates stringent requirements for risk management, incident reporting, and third-party provider oversight. This act imposes strict cyber security measures that affect IoT devices and systems within the financial sector. As IoT devices become more embedded into business and financial systems, regulators are emphasizing the need for cyber resilience.
  • The U.S. Cyber Trust Mark, a voluntary cyber security labelling program for internet-connected devices, was officially launched on January 7, 2025. This initiative, administered by the Federal Communications Commission (FCC), aims to help consumers identify smart devices that meet established cyber security standards, thereby enhancing consumer confidence in the security of connected products. The introduction of the Cyber Trust Mark represents a significant step toward standardizing cyber security practices for consumer IoT devices. By providing a clear and recognizable label, the program empowers consumers to make informed decisions, encouraging manufacturers to prioritize cyber security measures, following industry best practices in their products. This initiative mirrors the success of the Energy Star program in promoting energy efficiency and is expected to drive widespread adoption of secure design principles across the industry.
  • The Delaware Personal Data Privacy Act (DPDPA), regarded as one of the most comprehensive data privacy laws in the United States, officially takes effect on January 1, 2025. However, businesses will have until 2026 to fully implement universal opt-out mechanisms in line with the law's requirements. The DPDPA sets a new benchmark for data privacy, compelling businesses to prioritize consumer rights through clear consent management and enhanced transparency in data processing practices. Notable examples include:
      • New Jersey Data Privacy Act (NJDPA)
      • Nebraska Data Privacy Act (NDPA)
      • Minnesota Consumer Data Privacy Act (MCDPA)
      • Maryland Online Data Privacy Act (MODPA)
      • Iowa Consumer Data Protection Act (ICDPA)
      • Texas Data Privacy and Security Act (TDPSA)
      • Tennessee Information Protection Act (TIPA)

These acts reflect a growing trend towards stronger regulatory frameworks aimed at protecting data privacy across the United States.

  • India has published a draft version of the Digital Personal Data Protection (DPDP). While the exact implementation timeline is still uncertain, typically, following such proposals, there would be a phase of public consultation before finalization. The regulations are expected to take effect several months after they are passed into law, but specific dates are often contingent on legislative processes.
  • The release of MITRE D3FEND 1.0 marks a significant advancement in cyber security standardization, aimed at providing a comprehensive framework for defensive measures against various cyber threats. This initiative seeks to create a common language and structure for organizations to better understand and deploy cyber security strategies effectively. D3FEND categorizes defensive techniques, tools, and methodologies, enhancing collaboration among cyber security professionals while facilitating the assessment of security measures in place. This standardization is crucial as it enables not only individual organizations but the broader cyber security community to share insights and best practices, fostering a proactive approach to threat management.


3. Industry Spotlight | Cutting-Edge Innovations in Cyber Defence

Discover groundbreaking advancements and innovative technologies in the world of cyber defence. From artificial intelligence and machine learning to blockchain and quantum computing, we explore how these game-changing technologies are revolutionizing the fight against cyber threats. Get inspired by success stories and learn how to implement these solutions in your own digital ecosystem.

February’s topic: The Future of Sustainability | Bacteria Meet the Internet of Things

Microbial IoT: Unlocking the Power of Bacteria for Environmental Health Monitoring

Microbial IoT represents a groundbreaking convergence of biotechnology and smart technology, turning living microorganisms into real-time environmental sentinels. By harnessing the innate sensitivity of bacteria to pollutants and other ecological shifts, this innovative approach enables a deeper, more immediate understanding of environmental health. Genetically engineered bacteria act as living sensors, transmitting critical data via IoT networks to alert stakeholders of changes like toxic spills or nutrient imbalances. Unlike traditional methods, this technology offers a cost-effective, scalable, and eco-friendly way to monitor ecosystems. The integration of biology and IoT promises to not only revolutionize environmental monitoring but also pave the way for proactive interventions, fostering resilience in the face of climate and ecological challenges.

Want to know more? Read it here: https://blog.checkpoint.com/artificial-intelligence/the-future-of-sustainability-bacteria-meet-the-internet-of-things-2/


4. Expert Interviews | Insights from Cyber security Gurus

Gain exclusive access to interviews with industry experts, thought leaders, and cyber security gurus. Uncover their strategies, predictions, and best practices to protect yourself, your organization, and your loved ones from the ever-evolving cyber landscape. Stay updated on emerging trends, emerging threats, and expert tips to stay cyber resilient.

This month I want to highlight 2 sessions:

  1. IoT is hard, keep hustling - The Things Podcast - The Things Conference 2024. I love these quotes: “IoT is going to be part of the solution” and “Compliance will help scale IoT business”.
  2. In this episode of the Cinegration Station Podcast, hosts Ryan and AJ delve into an intriguing discussion about different styles of camera security.


5. Cyber security Awareness Corner | Empowering You with Knowledge

Knowledge is power! Our cyber security awareness corner equips you with practical tips, best practices, and actionable advice to enhance your online safety. Learn how to spot phishing attempts, secure your passwords, protect your personal information, and stay safe in the digital world. Be the cyber security champion your friends envy!

I want to share a report from Forescout, “The riskiest connected devices in 2024”, which finds that IoT devices containing vulnerabilities have surged by 136% compared to a year ago! The number of devices at risk has jumped from 14% in 2023 to 33% in 2024. The most affected devices are wireless access points, routers, printers, VoIP systems and IP cameras. These devices are crucial for cyber criminals as they provide gateways for penetrating networks, enabling them to move laterally and extract data. Additionally, the report points out that 5% of Internet of Medical Things (IoMT) devices are vulnerable, which poses serious threats to healthcare operations. Areas like technology, education, manufacturing, and finance have the highest risk scores for devices. On the other hand, the healthcare sector has gotten better at protecting its devices because of big investments in security. Interesting graphs from the report:

Figure 1: Diagram most vulnerable asset types
Figure 2: Diagram most commonly exposed asset types


Resource: link

Interesting free training session to boost your knowledge and career!

We hope you find this edition of The IoT Insider both informative and engaging. Stay secure, stay informed, and stay one step ahead!


#iotspartan


More articles by Antoinette Hodes