
Defending IoT Devices from Malware


Part of the book series: Studies in Big Data ((SBD,volume 74))

Abstract

As the number of internet users continues to grow, so do the number and types of devices people connect to the internet, and with them the attack surface. For example, the Qbot and Mirai botnet malware are capable of infecting devices across different chipset architectures, and both were reportedly responsible for a number of high-profile DDoS attacks in recent times. These two malware families (and many others) generally affect a broad range of consumer-grade appliances, and many of these appliances (also referred to as devices) are insecure or not designed with security in mind. While researchers have focused on areas such as attacking the botnet owner’s payment infrastructure, reversing the botnet and using it as a countermeasure in a grey-hat counterattack, and so on, many more questions have not been addressed. For example, are users putting too much trust in manufacturers and failing to take adequate measures to protect their own networks? Hence, in this paper we investigate the two most popular families of Internet of Things (IoT) malware, Mirai and Qbot, to understand how they spread, what attacks they are capable of, who could be responsible, and what the motivations of the threat actors are. We also propose an efficient solution to scan for Mirai- and Qbot-related vulnerabilities in IoT devices and systems. We then study what companies can do to help protect themselves from attacks. Simple steps such as correctly configuring appliances, carrying out risk assessments and creating an action plan are discussed as proactive measures that could be taken to facilitate threat reduction and incident response.


Corresponding author: William O’Sullivan.

Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG


O’Sullivan, W., Choo, KK.R., Le-Khac, NA. (2020). Defending IoT Devices from Malware. In: Le-Khac, NA., Choo, KK. (eds) Cyber and Digital Forensic Investigations. Studies in Big Data, vol 74. Springer, Cham. https://doi.org/10.1007/978-3-030-47131-6_2
