Sadly (or luckily?), the large-scale threats that struck the world in the past week were human-made, and they give us some insight into what IoT cyber-warfare could look like if it erupted.
Ransomware Has Cost Atlanta Over $10M in Repairs So Far
Last March, Atlanta suffered a major cyber-attack that initially caused $2.7M in clean-up costs and repairs. The method? The devastating SamSam ransomware, which crippled the city’s network for weeks.
The attackers crippled the city’s basic services by encrypting crucial data and demanding $50,000 in ransom to unlock the systems.
Most digital processes and services were down: 140 applications were affected, the City Attorney’s office lost 10 years of documents and 71 computers, and even the police force felt the impact, with years of dashcam footage lost.
The initial $2.7M budget didn’t last, and an extra $9.5M was proposed to rebuild the infrastructure of fallen software programs. During the first assessment, officials concluded no major application had been affected, but in reality about 30 percent of the total had been hit by SamSam. What’s more, 30 percent of the affected programs are considered “mission critical” and affect core services such as the city’s courts.
Atlanta’s Information Management head Daphne Rackley added that the damages were ‘a lot more, and they seem to be growing every day’ as they continue to assess and repair.
These sorts of events spark some nasty but necessary questions: is the state ready to tackle these sorts of attacks? What is the state of the backup infrastructure behind a city’s services, and how easily can it be crippled? Public offices using obsolete systems and out-of-date protocols will slowly emerge as a threat if not properly assessed.
VPNFilter Botnet Escalates and Targets More Models
Remember last week’s GOT(IT) when we talked about the VPNFilter router malware? The monstrous IoT botnet? The one that you had to restart all routers to prevent? Well, it didn’t stop with the FBI’s intervention, and instead Cisco’s Talos Intelligence group reported that it’s growing and targeting new devices.
According to the update, the malware that targeted a couple dozen router models is now capable of infecting at least 56 more models from Asus, Huawei, ZTE, and other major manufacturers.
That’s not all! The good ol’ ‘turning it off, and on again’ didn’t do the trick, because it seems there are other elements in the malware that possibly allow the VPNFilter’s restoration after a power reset. So, what steps can you take as prevention?
Make sure your router has been receiving its firmware updates, and if possible, do a hard reset and reconfigure credentials, port forwarding, and interfaces such as FTP and UPnP. VPNFilter’s attack takes advantage of old passwords and out-of-date exploits, so dust off the login and clean up your network, just in case!
The IoT scares never end, but hey, it’s probably great for Black Mirror’s writers!