Unveiling Cyber Threats in IoT Environments

 
Myths and Truths: Cyber Threat Hunting and Intelligence in IoT Environments

Ali Dehghantanha; www.AliD.info; ALID@ALID.info
 
Who am I?
 
Nobody important, nobody special!
MC IIF and Dr. of SiC!
A classical career track (software developer, security analyst, forensics investigator, higher education, next?)
Blog: www.alid.info
Twitter: @alidehghantanha
Email: AliD@AliD.info
 
Goal: just to enjoy having a conversation!
 
What We Do?
 
Applied research in collaboration with EU-wide LEAs and SMEs in cyber security, forensics and malware analysis.
Some of our recent projects:
Automated detection of crypto ransomware in Android mobile devices based on energy consumption footprints
Machine learning aided Android malware analysis
Automated detection of compromised ATM machines based on their encrypted network communication
An anomaly-based intrusion detection and threat hunting in IoT backbone networks
 
The Sliding Scale of Cyber Security
 
 
Image Source: Rob M Lee, Dragos Security
 
Where to Invest?!
 
IoCs, IoAs are NOT Snort Rules!

Use IoCs to scope and hunt with IoAs, but NOT for detection!
And throw them away after their short lifetime! Do NOT treat your IoAs/IoCs as Snort rules!
CTI is very valuable BUT nothing costs more than bad intel driving your processes!
The future of industry is in Cyber Threat Analytics: finding attackers' patterns of activities.
Malicious patterns are always malicious regardless of tools or techniques!

IT Security View of IoT/ICS Security

IoT/ICS environments do not have as many users and not so many changes/updates, so they should be easy to secure, right? Just do the following:
Deploy Anti Virus on your IoT/ICS network!
Change default passwords and make more complex, customized passwords
Secure programming
Patch IoT/ICS devices (i.e. through HMI or automatically)
 
AVs in ICS/IoT?

Does your AV scan ICS folder paths, ICS processes and ICS registry paths? I bet not, or better not!

The AV is not protecting the ICS portion of your network!
 
IoT/ICS Secure Programming Myth!
 
Unless you do it, you won’t know it!
Unknown input format
Unknown deployment context
Unknown date of first deployment
Should have no functionality flaw!
So many recovery options!
 
IoT & Complex, Unique Password
 
Which one is more risky:
1. Your ICS operator cannot remember the password and, since the password has been changed, the vendor cannot remotely connect either! So you cannot recover a faulty controller in time and restore the operation.
2. Russian hackers found the vendor password and remotely got access to your controller?
 
IoT/ICS Patching Curse!
 
What are we actually patching?
 
IoT/ICS Patching Curse!

90% of ICS vulnerabilities do NOT increase organisational risk (see: Dale Peterson's research at S4)!
Remote access to the HMI port and root privilege on the PLC – so what?!
The big question is: can you jump to other places in the network (the remaining 10%)?
 
How Easy It Is to Attack IoT/ICS
 
 
Image source: Webinar: End-to-End Cyber Security Strategies: Protecting Critical ICS Assets
 
Pyramid of Pain!

Pyramid of Pain (David Bianco, Mandiant)
 
AI & Cyber Threat Pattern Intelligence in IoT

IoT environments have a huge number of nodes with a very predictable (rarely changing) pattern of behaviour, and (usually) the main purpose of compromise is pivoting to other nodes in the network (a visible out-of-norm pattern!).
An ideal environment for AI agents!

Image source: https://vpnservice.reviews/understanding-threat-intelligence-role-cyber-security/
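As an added illustration (not from the talk or its research projects) of the out-of-norm pattern the slide relies on: each device's normal peer set is learned from constructed flow records, and a hunt over a later window flags any peer outside that set, separating a new internal peer (pivot-like) from a new external one (the thermostat-talking-to-China case). Device names, addresses and the 10.0.0.0/8 site range are constructed assumptions.

```python
# Added example: per-device peer baseline for hunting out-of-norm IoT traffic.
# All flows below are constructed; a real deployment would read NetFlow/Zeek conn logs.
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed site address range

# Constructed baseline window: what each device normally talks to (dst, port).
BASELINE_FLOWS = [
    ("thermostat-1", "10.0.0.5", 8883),   # MQTT broker
    ("thermostat-1", "10.0.0.5", 8883),
    ("printer-2", "10.0.0.9", 53),        # DNS resolver
    ("printer-2", "10.0.0.20", 631),      # print server (IPP)
    ("camera-3", "10.0.0.7", 554),        # RTSP relay
    ("camera-3", "10.0.0.9", 53),
]
# Constructed hunt window: same devices, two peers never seen before.
HUNT_FLOWS = [
    ("thermostat-1", "10.0.0.5", 8883),
    ("thermostat-1", "203.0.113.45", 443),  # external host, new for this device
    ("printer-2", "10.0.0.9", 53),
    ("printer-2", "10.0.0.31", 445),        # internal SMB peer, new for this device
    ("camera-3", "10.0.0.7", 554),
]


def build_baseline(flows):
    """Map each device to the set of (dst, port) pairs seen in the baseline window."""
    peers = defaultdict(set)
    for dev, dst, port in flows:
        peers[dev].add((dst, port))
    return peers


def hunt(baseline, flows):
    """Return (device, dst, port, kind) for peers absent from the device's baseline.

    kind is 'new-internal-peer' (lateral movement / pivot candidate) or
    'new-external-peer' (possible command-and-control or exfiltration).
    Duplicate findings within the hunt window are reported once.
    """
    findings = []
    for dev, dst, port in flows:
        if (dst, port) in baseline.get(dev, set()):
            continue  # within the learned pattern of behaviour
        kind = "new-internal-peer" if ip_address(dst) in INTERNAL else "new-external-peer"
        finding = (dev, dst, port, kind)
        if finding not in findings:
            findings.append(finding)
    return findings
```

Because IoT peer sets change rarely, a short baseline window is usually enough, but the baseline must be rebuilt after legitimate reconfigurations or every new broker address will be flagged.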
 
Case Study 1: Detecting Ransomware Based on Abnormal Pattern of Activities

Cerber
TeslaCrypt
Locky
 
Case Study 2: Detecting Ransomware on IoT Nodes Based on Pattern of Power Consumption

Raspberry Pi power usage pattern with a normal application

Raspberry Pi power usage pattern when infected by a ransomware
 
Call for Arms
 
Regardless: We are looking for collaboration!
 
And Still IoT Devices are at Risk
 
Source: @bruces
 
“At one point, the penetration into the [US] Chamber of Commerce was so complete that a Chamber thermostat was communicating with a computer in China. Another time, chamber employees were surprised to see one of their printers printing in Chinese.”
21 Dec 2011 – ABC News!
 
Thanks!

Blog: www.alid.info
Twitter: @alidehghantanha
Email: AliD@AliD.info
Explore the world of cyber threat hunting and intelligence in IoT environments through the eyes of Ali Dehghantanha. Discover myths, truths, and applied research projects in collaboration with EU LEAs and SMEs. Learn about the importance of threat intelligence, intrusion detection, and securing IoT/ICS networks against evolving cyber threats.

Uploaded on Sep 23, 2024



Presentation Transcript


  5. Where to Invest?! [Chart; labels: Architecture, Passive Defence, Threat Hunting, Threat Intelligence; Script Kiddies, Cyber Criminals, Funded hacking teams, State sponsored hacking; scale 0 to 10]

  19. Case Study 1: Detecting Ransomware Based on Abnormal Pattern of Activities (results)

      Task                  Model                          TPR    FPR    Accuracy
      Ransomware Detection  Bagging (seen ransomware)      0.994  0.039  97.7%
      Ransomware Detection  LSTM (unseen/new ransomware)   0.996  0.001  99.6%
      Ransomware Detection  RandomForest                   0.983  0.006  98.3%
      Family Detection      LSTM (unseen ransomware)       0.972  0.027  97.8%

  20. Case Study 2: Detecting Ransomware on IoT Nodes Based on Pattern of Power Consumption (results). Raspberry Pi power usage pattern with a normal application; Raspberry Pi power usage pattern when infected by a ransomware. KNN accuracy: 83.70%
