SPAM EMAILS
The rapid progress of the Internet of Things has enabled people to work with different types
of smart devices, especially in the form of smart appliances, which have offered unprecedented
levels of automation in “smart homes”. Like other computer hardware, these devices are
connected to the internet and can benefit you greatly. For instance, your appliances can send
and receive emails. However, if a hacker breaches your smart appliance by using an
attack vector like spam emails, then they can convert it into an email server. There is already
the infamous report from Proofpoint which showed how a smart refrigerator was hacked and
exploited to such an extent that several malicious emails were sent through it without
the owners knowing anything about it.
The security expert from Proofpoint performed an analysis of spam emails. In the study, it
was discovered that almost a quarter of the victims did not come from desktop PCs
or laptops. Instead, they turned out to be from the “things”.
The study found more than 100,000 unique IP addresses from Internet of Things
devices. Further research explained that these IoT devices did not only include the expected
networking devices like NAS and routers; there were also clear indications of unconventional
sources like televisions, multi-media centers, and even a refrigerator. This means we are
now in an era where you have to protect yourself from a refrigerator!
The exploitation of smart appliances has raised the possibility of hackers exploiting them to
misuse the data in a workplace. A cybercriminal group is waiting for users to initiate a remote
RDP connection, while even looking into their refrigerators can place them in trouble.
Flash Question
How can one identify spam email, and what steps should one take to keep such
emails out of the inbox?
RANSOMWARE
Ransomware is a type of malware which, after infecting a computer, takes complete
control of the system and locks down the data. After the denial of access, the cybercriminal
demands a ransom in return for access to the data. Users are then provided with a guide about how
to pay the ransom and how they can use the decryption key to unlock the locked data.
How Does Ransomware Work?
Ransomware uses dierent attack vectors in order to breach into systems. One of these attack vectors
is the use of phishing techniques. In such an attack, a cybercriminal group—under a disguise—sends
an email to a user and encourages them to click a link or download a malicious file attachment.
In the past, cybercriminals have faked their identities in dierent ways to force their victims
to download their malicious files. For example, once a cybercriminal group circulated a U.S.
court notice to users where they were ordered to pay a fine. As the users download the attached
document for confirmation they got hacked. Similarly, they have acted as law enforcement
agencies. There are those who use the name of well-known brands like FedEx to spread
Chapter 11 Security Challenges for IoT 277
Internet_of_Things_CH11_pp271-308.indd 277 9/3/2019 10:16:19 AM
ransomware. Last year, cybercriminals even tried to use the name of another business and
contacted desperate unemployed professionals who were then hacked.
The file attachment is a malicious file, typically a Word or Excel document. It contains
macros which, once a user downloads and opens the document, execute a script on the
computer.
[Figure: diagram with the labels Spam Email, Dangerous Websites Link, Download Attachment, Malware Installed, Infect Other Network Devices, Pay Ransom to get Access to Computer, Pay Money]
The script then ensures that all the anti-ransomware tools are rendered useless. Afterwards,
communication is set up with the C2 server, which then loads all the components of the
ransomware onto the victim's PC. One module begins to change the system settings and
alter registry keys. These changes ensure that if a user restarts the computer, the ransomware
remains.
At the same time, the ransomware runs a scan of the user's stored files. After the files
are located, the ransomware begins encrypting them; they include photos,
videos, documents, database files, .exe files, and all the other file formats. Usually AES and RSA,
two extremely strong cryptographic algorithms, are implemented by the cybercriminals to lock
these files. After the encryption is completed, an extension, usually the name of the ransomware,
is added to the end of the locked file's name. For example, a file named “myphoto.jpg” is converted
into “myphoto.jpg.ransomwarename”.
As a consequence, users are unable to open, delete, or access the locked files. Moreover,
the hackers also delete shadow copies, which makes it difficult to restore these files. Afterwards,
the desktop of the hacked computer usually presents a new wallpaper, and a text file is added by
the cybercriminals to the desktop and other computer folders. This text file is popularly known
as the ransom note.
Typically, a ransom note begins with the admission that the attackers attacked and locked the data
of the victim. It is followed by a ransom demand, upon the completion of which the hackers
promise the return of a decryption key. This key can unlock the locked data. The rest of the note
strictly discourages the user from using cybersecurity assistance or tools, with a threat of permanent
data removal. An email address of the attacker is also included for contacting them.
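The on-disk behaviour described above (an extension appended to the name of each locked file, and the same text file dropped into many folders) can be watched for in file-activity logs. The following detector is an added example, not part of the original chapter; the event format, the note name READ_ME.txt, the paths, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
import posixpath

# Constructed sample events (not real telemetry): (seconds, operation, path, new_path)
SAMPLE_EVENTS = [
    (0, "rename", "/home/a/report.docx", "/home/a/report-final.docx"),
    (10, "rename", "/home/a/pics/myphoto.jpg", "/home/a/pics/myphoto.jpg.ransomwarename"),
    (11, "rename", "/home/a/pics/trip.mp4", "/home/a/pics/trip.mp4.ransomwarename"),
    (12, "create", "/home/a/pics/READ_ME.txt", None),
    (13, "rename", "/home/a/docs/budget.xlsx", "/home/a/docs/budget.xlsx.ransomwarename"),
    (14, "create", "/home/a/docs/READ_ME.txt", None),
    (15, "rename", "/home/a/db/shop.sqlite", "/home/a/db/shop.sqlite.ransomwarename"),
    (16, "create", "/home/a/db/READ_ME.txt", None),
    (400, "rename", "/home/a/notes.txt", "/home/a/notes.txt.bak"),
]

def appended_extension(old, new):
    """Return the suffix if `new` is `old` plus one extra extension, else None."""
    prefix = old + "."
    if new.startswith(prefix):
        ext = new[len(prefix):]
        if ext and "/" not in ext and "." not in ext:
            return ext
    return None

def detect(events, window=60, min_renames=3, min_note_dirs=3):
    """Flag extensions appended to many files within `window` seconds, and
    text files with one name created in many different directories."""
    times = defaultdict(list)      # appended extension -> rename timestamps
    note_dirs = defaultdict(set)   # text file name -> directories it appeared in
    for ts, op, path, new_path in sorted(events, key=lambda e: e[0]):
        if op == "rename":
            ext = appended_extension(path, new_path)
            if ext:
                times[ext].append(ts)
        elif op == "create" and path.lower().endswith(".txt"):
            note_dirs[posixpath.basename(path)].add(posixpath.dirname(path))
    bursts = {}
    for ext, stamps in times.items():
        # Largest number of renames starting inside any window-long interval.
        best = max(sum(1 for t in stamps if s <= t < s + window) for s in stamps)
        if best >= min_renames:
            bursts[ext] = best
    notes = {n: len(d) for n, d in note_dirs.items() if len(d) >= min_note_dirs}
    return {"rename_bursts": bursts, "repeated_notes": notes}

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

An ordinary rename (report.docx to report-final.docx) and a single backup copy (notes.txt.bak) stay below the thresholds, so only the burst of appended extensions and the repeated note are reported.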
278 Internet of Things