November 21, 2019
Cybernews: If Aramco had our Antidrone…; and honeypots to make IoT malware stop!
Recently there was a Cyber News from the Dark Side item of oh-my-Gulf proportions. You’ll no doubt have heard about it as it was all over the news for days just recently. It was the drone attack on Saudi Aramco that took out millions of barrels of crude per day and caused hundreds of millions of dollars in damage.
Alas, I’m afraid this is only the beginning. Remember those drones bringing Heathrow – or was it Gatwick? – to a standstill a while back? Well this is just a natural progression. There’ll be more, for sure. In Saudi, the Houthis claimed responsibility, but both Saudi and the US blame Iran; Iran denies responsibility. In short – same old saber-rattling in the Middle East. But that’s not what I want to talk about here – that’s geopolitics, which we don’t do, remember? ) No, what I want to talk about is that, as the finger-pointing continues, in the meantime we’ve come up with a solution to stop drone attacks like this one on Aramco. Soooo, ladies and gents, I hereby introduce to the world… our new Antidrone!
So how does it work?
The device works out the coordinates of a moving object, a neural network determines whether it’s a drone, and if it is, blocks the connection between it and its remote controller. As a result the drone either returns back to where it was launched, or it lands below where it is up in the sky when intercepted. The system can be stationary, or mobile – e.g., for installation on a motor vehicle.
The main focus of our antidrone is protection of critically important infrastructure, airports, industrial objects, and other property. The Saudi Aramco incident highlighted how urgently necessary such technology is in preventing similar cases, and it’s only going to become more so: in 2018 the world market for drones was estimated at $14 billion; by 2024 it’s forecast to be $43 billion!
Clearly the market for protection against maliciously-minded drones is going to grow too – fast. However, at the moment, our Antidrone is the only one on the Russian market that can detect objects by video using neural networks, and the first in the world to use laser scanning for tracking down the location of drones.
And now for the other item in the title of this post: honeypots…
Now, what is the situation these days with malware on IoT devices? Very simple: very bad, as IoT maliciousness is right behind the development of IoT technology itself. More IoT > more cyberattakcs. Moreover, the relationship between the quantity and variety of devices and the malware of attackers isn’t linear – it’s a lot worse; for the situation with IoT security is real bad. I’ve mentioned this plenty before.
We’ve been observing IoT-attacking malware since 2008. One of the ways we’ve been doing this is by using special traps, called honeypots (not to be confused with honeypots for spies:). These traps simulate real, vulnerable systems, which attract maliciousness like flies to ****, if you’ll pardon my French, and once we get hold of it we dissect it and develop the necessary protection (including proactive).
Over the last dozen years we’ve built up a whole infrastructure of honeypots, which is constantly growing and being optimized. For example, every now and again we change the IP addresses of our traps, since botnet owners track honeypots and after a while they train their kit to bypass them. Moreover, lists of IP addresses of honeypots are traded on the darknet.
Recently we recently published the results of our unique research into IoT malware, which research lasted a whole year.
We placed more than 50 honeypots around the world, which on average were attacked around 20,000 times every 15 minutes. In all in the first half of 2019 we detected 105 million attacks from 276,000 unique IP addresses. To compare, in 2018 over the same first half-year period, we detected just 12 million attacks from 69,000 IP addresses. The main sources of infections for the first half-year of 2019 were Brazil and China. Behind them, Egypt, Russia and the US. And the total number of active infected IoT devices remains large: every month tens of thousands of devices try to distribute malware using password brute-forcing and other vulnerabilities.
The Internet of Things is growing at crazy speed – just as its threats are. So we’re planning to broaden our capability of uncovering and studying those threats. Familiarity with threats is one of the key elements in providing cybersecurity, and our ‘honeypots as a service’ is ripe and ready. We collect and clusterize incoming connections, and all processed data becomes available in near-as-darn-it real time. Interested? Write us!