Fileless Attacks on Linux-based IoT Devices


A study of fileless attacks on Linux-based IoT devices using HoneyCloud, covering the background, architecture, findings, implications, and conclusions, and the use of hardware and software IoT honeypots to observe such threats.

  • IoT security
  • Fileless attacks
  • Linux devices
  • Cybersecurity
  • Honeypots

Uploaded on Feb 17, 2025



Presentation Transcript


  1. Understanding Fileless Attacks on Linux-based IoT Devices with HoneyCloud. Fan Dang, Zhenhua Li, Yunhao Liu, Ennan Zhai, Qi Alfred Chen, Tianyin Xu, Yan Chen, Jingyu Yang

  2. Outline: Introduction; Background; Architecture; Findings and implications; Conclusion

  3. Introduction

  4. Introduction: Most IoT devices run a Linux OS (e.g., OpenWrt and Raspbian). Hardware IoT honeypots; software IoT honeypots; HoneyCloud

  5. Background

  6. Fileless attacks: a.k.a. zero-footprint, macro, or non-malware attacks. They use legitimate programs already present on the system to infect it. E.g., UIWIX

  7. Honeypot

  8. Architecture

  9. Hardware IoT honeypots

  10. Hardware IoT honeypots

  11. Hardware IoT honeypots

  12. Software IoT honeypots

  13. Software IoT honeypots

  14. High Fidelity Maintainer: customizing QEMU configurations; masking sensitive system information (forging /proc/cpuinfo in OpenWrt); rearranging VM instances among public clouds (fragmentizing regions, zones, and in-zone IP ranges; periodically changing the IP address of each software honeypot)

  15. Software IoT honeypots

  16. Software IoT honeypots

  17. Software IoT honeypots

  18. Shell Interceptor

  19. Shell Interceptor

  20. Shell Interceptor

  21. Inference Terminal (figure: {ab c} {acb})

  22. Software IoT honeypots

  23. Findings and implications

  24. General working flows of captured attacks

  25. Captured attacks by honeypot type:

                               Hardware       Software
      Quantity                 4              108
      Suspicious connections   14.5 million   249 million
        SSH/Telnet connections 85.8%          78.3%
        SMB connections        3.2%           8.9%
        HTTP(S) connections    2.5%           3.2%
      Malware-based attacks    0.75 million   14.6 million
      Fileless attacks         0.08 million   1.40 million

  26. Malware-based Attacks: 426 different types of malware (hardware honeypots) and 598 different types (software honeypots); 73.3% and 80.2% of them, respectively, are Mirai; 92.1% of malware-based attacks target multiple IoT device architectures

  27. Fileless Attack Taxonomy: 8 different types of fileless attacks

  28. Occupying end systems (1.8%): altering the password of an IoT device (via passwd). passwd: the Linux command used to change user account passwords

  29. Damaging system data (54.4%): removing or altering certain configuration files or programs (via rm and dd), e.g., removing the watchdog daemon. Watchdog: an electronic or software timer used to detect and recover from computer malfunctions

  30. Preventing system monitoring/auditing services (8.5%): killing the watchdog processes or stopping certain services (via kill and systemctl), e.g., by stopping the firewall service, attackers can better exploit known vulnerabilities to launch attacks

  31. Retrieving system information (7.4%): retrieving the hardware information and the system information (via lscpu). Such information may be useful for launching further attacks for specific purposes, e.g., downloading and executing platform-specific malware binaries

  32. Stealing valuable data (23.5%): reading passwords and/or certain configuration files (via cat)

  33. Launching network attacks (0.3%): sending malformed HTTP requests to exploit vulnerabilities of targeted web servers and launch DoS attacks (via wget and curl)

  34. Issuing other shell commands for unclear reasons (3.8%): speculating that the attacker may be collecting and analyzing other system users on the same device

  35. Conducting attacks where no shell command is involved (0.3%): SSH tunneling attack
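A defender-side illustration of the taxonomy on slides 27 to 35, added here and not part of the original presentation or the HoneyCloud code: it maps shell lines captured by a honeypot's shell interceptor to the attack categories using only the commands the slides name, then counts categories and command frequency across a session. The log lines, the category names, and the handling of command chaining (; && || |) and busybox applets are this example's own assumptions.

```python
import re
import shlex
from collections import Counter
from os.path import basename

# Shell commands the HoneyCloud slides tie to each fileless-attack category.
TAXONOMY = {
    "occupying_end_system":     {"passwd"},
    "damaging_system_data":     {"rm", "dd"},
    "preventing_monitoring":    {"kill", "systemctl"},
    "retrieving_system_info":   {"lscpu"},
    "stealing_data":            {"cat"},
    "launching_network_attack": {"wget", "curl"},
}
# Assumption (not from the slides): captured lines chain simple commands with
# these operators, and embedded Linux often runs applets via busybox.
SEPARATORS = re.compile(r"\s*(?:;|&&|\|\||\|)\s*")

def command_name(segment):
    """Return the program name of one simple command, or None if empty."""
    try:
        argv = shlex.split(segment)
    except ValueError:          # unbalanced quotes in attacker-supplied input
        argv = segment.split()
    if argv and basename(argv[0]) == "busybox" and len(argv) > 1:
        argv = argv[1:]         # 'busybox rm -f x' -> applet name 'rm'
    return basename(argv[0]) if argv else None

def classify(line):
    """Map one captured shell line to the taxonomy categories it matches;
    a non-empty line matching no known command counts as 'other_shell_commands'."""
    found = set()
    for seg in SEPARATORS.split(line.strip()):
        name = command_name(seg)
        if name is None:
            continue
        cats = {c for c, cmds in TAXONOMY.items() if name in cmds}
        found |= cats or {"other_shell_commands"}
    return found

def summarize(lines):
    """Count categories and command names over a whole session log."""
    categories, commands = Counter(), Counter()
    for line in lines:
        categories.update(classify(line))
        commands.update(n for n in map(command_name, SEPARATORS.split(line)) if n)
    return categories, commands

SAMPLE_SESSION = [          # constructed lines modelled on the slides' categories
    "cat /etc/passwd",
    "kill -9 $(pidof watchdog); rm -f /sbin/watchdog",
    "/bin/busybox lscpu",
    "passwd root",
    "systemctl stop firewalld && curl -m 5 http://target.invalid/",
    "cd /tmp || cd /var/run",
]
```

Running summarize(SAMPLE_SESSION) gives the per-category counts that slide 36's usage-frequency view is built from, with unmatched commands such as cd landing in the "other" bucket of slide 34.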

  36. Usage frequency of the shell commands

  37. Conclusion
