CyberX finds initial Internet of Things worm that focuses at CCTVs

Cybersecurity provider for the industrial IoT  (IIoT) CyberX revealed Thursday the first Internet of Things (IoT) worm which is aimed at Closed-Circuit Television devices.

The malware marks a new level of IoT attacks, only days after another advanced attack on IoT devices was declared as “no longer a hypothetical attack” at DEF CON 2016. These discoveries come at a time when Internet-connected devices are growing at an exponential rate due to the proliferation of IoT platforms such as PTC’s ThingWorx and General Electric’s Predix, and the corresponding consequences of attacks are estimated to be hundreds of millions of dollars.

The CyberX research team started investigating RADIATION following a notification which was generated by XSense, the company’s solution for industrial IoT environments. The team also discovered that RADIATION was already utilized to inflict DDoS attacks. One of its victims include SKAT, the Danish Customs and Tax Administration.

The malware was revealed as part of the research of a global cyber security campaign, dubbed RADIATION by the CyberX research team. The uniqueness of this campaign can be attributed to the targeting of IoT devices and the enhancement of an existing family of malware for that purpose.

XSense has been designed and built as a situational-aware platform that seamlessly connects to an existing setup and acts as an invisible layer that models the OT Network as a state machine. Continuously monitoring the network, XSense collects real-time data, ensuring detection of unfamiliar activity using its machine learning, modeling abilities and state machine design. Be it a cyber-attack, an operational malfunction or a tampering incident, XSense secures the OT Network by providing unprecedented detection capabilities and visibility.

The dashboard allows operators to handle real-time cybersecurity and operational incidents. XSense displays alerts and provides analysis and diagnostics tools related to security and operational events. The alerts are aggregated in the dashboard and include actionable information allowing operators to run real-time analysis of incidents.

XSense’s automatic asset discovery provides a logical (connectivity) based view of the assets within the OT Network with the ability to get a geo-location based view. Each element within the network includes all the data required for inventory management, including IP, Type, Protocols identified and status.

XSense allows to perform real-time and historical analysis and investigation of incidents in the OT Network. Running forensics on traffic, which was collected by XSense, provides the operator with visibility and insight into both operational and security events in the OT Network.

The malware infected organizations in multiple industries, with the highest number of victims residing in Taiwan, US and Israel. The RADIATION campaign is categorized as an IoT Distributed Denial of Service (DDoS) campaign. The discovery of RADIATION comes only days following a demonstration of another advanced IoT attack, which was referred to as the “first ransomware for IoT thermostats” in DEF CON 2016.

“This event is a cornerstone in the evolution of IoT security. These advanced threats are shaping before our very eyes, and should not be taken lightly,” said Omer Schneider, CEO & Co-Founder of CyberX. “RADIATION demonstrates the continuously evolving skillset of attackers. It is only the beginning of what we believe to be the dawn of IoT cyber campaigns,” said Nir Giller, CTO & Co-founder of CyberX. “Ranging from manipulation of infusion pumps to ransomware for IoT thermostats, IoT environments are becoming high value targets.”

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.