IoT attacks increased by 900% in 2019. So, why are hackers increasingly targeting IoT devices? There are several explanations:
Lack of security software on the devices: unlike regular computers, IoT devices typically ship without a host firewall or anti-malware agent, and most cannot run one.
Less experienced device producers: the manufacturers usually come from an industry vertical and often lack the IT-security expertise of server and PC manufacturers.
Multiple devices with the same security mechanisms: once an attack works against one device, it works against thousands of identical ones.
IoT devices are out of reach: owners deploy their devices remotely and rarely inspect them, so a compromise often goes unnoticed until it is too late. Once an attacker controls a device, it can keep running malicious code around the clock until the owner physically shuts it down or re-flashes it.
Who Are the Attackers and What Motivates Them?
Amateur hackers and script kiddies – usually their objective is fame among their peers, either by targeting a high-profile victim or by demonstrating an ability to infect many devices in a single attack.
Governments and intelligence organizations – acting in the name of their citizens' safety, intelligence agencies try to secure access to sensitive information.
Political interest groups – they attack organizations they consider morally corrupt; Anonymous is the best-known example.
Criminal businesses – organizations that take advantage of vulnerabilities within the target to generate revenue for themselves.
The criminal businesses mentioned above are typically organized like ordinary businesses and are especially relevant in the IoT domain. Their objective is to gain control over a large number of IoT devices and monetize them, often in one of the following ways:
Selling Distributed Denial of Service attacks – like webstresser.org (more information via Forbes)
Using devices for Bitcoin mining (more information via CNBC)
Blocking the device operation until the owner pays a ransom (ransomware)
How Do IoT Attacks Work?
The most widespread IoT attack is still the Mirai malware, which first appeared in 2016. Mirai scans the public internet for IoT devices and tries to open a telnet session on each one using a built-in list of common factory-default username/password pairs. Every device it logs into becomes part of the Mirai botnet and immediately starts scanning for further victims, while the botnet as a whole is steered from the attacker's command-and-control (C2) server. The attackers then launch DDoS attacks, on behalf of paying customers, against a target in order to take down the victim's servers.
The Stuxnet computer worm was first uncovered in 2010. It first infects Microsoft Windows machines, exploiting zero-day vulnerabilities and outdated OS versions; initially it spread via USB flash drives. On an infected Windows machine it looks for the Siemens Step7 software that programs Siemens programmable logic controllers (PLCs). Through the Step7 software it then loads its own code onto the PLC and takes control of it. Stuxnet targeted Iranian facilities and reportedly severely damaged the Iranian nuclear program.
Brickerbot was discovered in 2017 and Silex appeared in 2019, and the two share an attack pattern. Like Mirai, the malware scans the public internet and tries to log in to IoT devices with default and weak username/password combinations. After infection, it overwrites the device's storage and deletes the network configuration, which makes the device unusable unless someone can physically reach it and re-flash or reset it.
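The scanning pattern shared by Mirai, Brickerbot and Silex leaves a recognizable trace on the device itself: a burst of failed telnet logins from one source that cycles through usernames, sometimes followed by a success. The detector below is an added example (not code from the original article or from any of these malware families); the syslog lines it parses are constructed for the example in the format of the Linux `login` program, and the 60-second window and five-failure threshold are assumptions to tune per deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog lines in the format of the Linux "login" program, as a
# busybox-based IoT device might emit them; not real captures.
SAMPLE_LOG = """\
Jun 12 03:14:01 cam01 login[812]: FAILED LOGIN 1 FROM 203.0.113.7 FOR root, Authentication failure
Jun 12 03:14:03 cam01 login[812]: FAILED LOGIN 2 FROM 203.0.113.7 FOR admin, Authentication failure
Jun 12 03:14:05 cam01 login[812]: FAILED LOGIN 3 FROM 203.0.113.7 FOR support, Authentication failure
Jun 12 03:14:06 cam01 login[812]: FAILED LOGIN 4 FROM 203.0.113.7 FOR root, Authentication failure
Jun 12 03:14:08 cam01 login[812]: FAILED LOGIN 5 FROM 203.0.113.7 FOR user, Authentication failure
Jun 12 03:14:09 cam01 login[812]: FAILED LOGIN 6 FROM 203.0.113.7 FOR guest, Authentication failure
Jun 12 03:14:12 cam01 login[812]: LOGIN ON pts/0 BY root FROM 203.0.113.7
Jun 12 03:20:44 cam01 login[901]: FAILED LOGIN 1 FROM 192.0.2.10 FOR operator, Authentication failure
Jun 12 03:21:10 cam01 login[901]: LOGIN ON pts/1 BY operator FROM 192.0.2.10
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
FAIL_RE = re.compile(TS + r" \S+ login\[\d+\]: FAILED LOGIN \d+ FROM (?P<src>\S+) FOR (?P<user>[^,]+),")
OK_RE = re.compile(TS + r" \S+ login\[\d+\]: LOGIN ON \S+ BY (?P<user>\S+) FROM (?P<src>\S+)")


def parse_events(log_text):
    """Turn log lines into (timestamp, source, user, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        for rx, ok in ((FAIL_RE, False), (OK_RE, True)):
            m = rx.match(line)
            if m:
                ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog carries no year
                events.append((ts, m["src"], m["user"], ok))
                break
    return sorted(events, key=lambda e: e[0])


def detect_credential_scanning(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag sources that make >= threshold failed logins within `window`.
    Mirai walks a list of usernames, so many distinct usernames from one
    source is the tell; a later success from that source means it got in."""
    by_src = defaultdict(list)
    for ev in parse_events(log_text):
        by_src[ev[1]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if not e[3]]
        best = []
        for i, first in enumerate(fails):           # densest window of failures
            run = [e for e in fails[i:] if e[0] - first[0] <= window]
            if len(run) > len(best):
                best = run
        if len(best) < threshold:
            continue
        burst_start = best[0][0]
        logins = [e[2] for e in evs if e[3] and e[0] >= burst_start]
        alerts.append({
            "source": src,
            "failures": len(best),
            "distinct_users": len({e[2] for e in best}),
            "succeeded_as": logins[0] if logins else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_scanning(SAMPLE_LOG):
        print(alert)
```

The single operator failure from 192.0.2.10 stays below the threshold; the burst from 203.0.113.7 is reported with the username it finally logged in as, which is the case that should page someone.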
Countermeasures to Guard Against Attacks
As seen in the Stuxnet attack, IoT devices that share a network with other machines can be compromised through the vulnerabilities of those machines. To avoid this, use a dedicated network for the devices instead of a shared LAN or Wi-Fi; alternatively, cellular connectivity that keeps each device's traffic separate achieves the same isolation.
Mirai, Silex and Brickerbot show the value of random, unique login credentials per device: had the devices not shipped with shared factory defaults, these attacks would not have worked. The devices in question also allowed remote access by their owners, but that access was exposed directly on the public internet. A more secure way to reach IoT devices remotely is through IPsec or Intra-Cloud Connect, which avoids exposing the management interface to the public internet at all; disabling legacy cleartext services such as telnet and keeping firmware up to date are the other half of that fix.
One way to block such attacks outright, including attempts to take over remote access, is a cellular firewall: devices are only permitted to communicate with a defined allowlist of IP addresses. The firewall is enforced on the cellular connection rather than on the individual device, so it remains out of the attacker's control even if the device itself is compromised.
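The credential lesson from the Mirai and Brickerbot/Silex descriptions above, and the per-device random credentials recommended here, can be turned into a fleet check run at provisioning time or periodically against the device inventory. The script below is an added example, not code from the original article or from EMnify: the default-credential list is a small constructed sample of the kind of factory pairs Mirai tried, the 12-character minimum and the inventory fields (`id`, `user`, `password`, `telnet_enabled`) are assumptions, and new passwords come from Python's `secrets` module.

```python
import secrets
import string

# Constructed sample of factory-default username/password pairs of the kind the
# Mirai credential list contained; a real audit would load the full published lists.
DEFAULT_CREDENTIALS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("root", "root"),
    ("root", "888888"), ("root", "default"), ("root", "123456"), ("root", "password"),
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"), ("admin", "12345"),
    ("support", "support"), ("user", "user"), ("guest", "guest"), ("ubnt", "ubnt"),
}

MIN_PASSWORD_LENGTH = 12   # assumption for the example


def audit_fleet(devices, defaults=DEFAULT_CREDENTIALS):
    """Return (device_id, finding) pairs for every weakness a Mirai-style scanner
    exploits: factory-default pairs, short passwords, one credential reused across
    devices (one success becomes thousands), and a listening telnet service."""
    findings = []
    first_seen = {}
    for dev in devices:
        pair = (dev["user"], dev["password"])
        if pair in defaults:
            findings.append((dev["id"], "factory-default credential"))
        elif len(dev["password"]) < MIN_PASSWORD_LENGTH:
            findings.append((dev["id"], "password shorter than %d characters" % MIN_PASSWORD_LENGTH))
        if pair in first_seen:
            findings.append((dev["id"], "credential shared with " + first_seen[pair]))
        else:
            first_seen[pair] = dev["id"]
        if dev.get("telnet_enabled"):
            findings.append((dev["id"], "telnet service enabled"))
    return findings


def provision_password(length=20):
    """Per-device password from the OS CSPRNG; never derive it from a serial
    number, MAC address or other value an attacker can read off the device."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def remediate(devices):
    """Copy of the fleet with a unique random credential per device and telnet off."""
    return [{**dev, "password": provision_password(), "telnet_enabled": False}
            for dev in devices]


# Constructed fleet inventory for the example.
SAMPLE_FLEET = [
    {"id": "cam-001", "user": "root", "password": "xc3511", "telnet_enabled": True},
    {"id": "cam-002", "user": "root", "password": "xc3511", "telnet_enabled": True},
    {"id": "gw-010", "user": "admin", "password": "Summer2019", "telnet_enabled": False},
    {"id": "gw-011", "user": "admin", "password": provision_password(), "telnet_enabled": False},
]

if __name__ == "__main__":
    for device_id, finding in audit_fleet(SAMPLE_FLEET):
        print(device_id, finding)
    print("after remediation:", audit_fleet(remediate(SAMPLE_FLEET)))
```

The generated credentials need a home that is not the device itself, such as the provisioning system's secrets store; deriving them from a fleet master key with an HMAC is a common alternative, but then that master key is the single point of failure.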
Key Takeaway: Security First
While the excitement surrounding the potential of IoT connectivity is understandable, and warranted, overlooking IoT device security can prove catastrophic. A robustly secured IoT solution is one that can safely scale globally, enable groundbreaking applications and last for years to come.
Originally published by EMnify on IoT For All, August 12, 2020.
How Ransomware Encryption Happens & 4 Methods for Recovery
We know how overwhelming it feels to be the victim of a ransomware attack, with your business unable to operate because its files are encrypted or locked. This page explains why your files were encrypted or locked and what options you have to decrypt them. As a ransomware recovery service provider, we have helped thousands of clients recover their data. Evaluating all options means analysing the encrypted files first, with paying the ransom demand as the last resort if nothing else works. Our process gives clients critical insight into decrypting ransomware and the options available to them. By the end of this piece, our goal is to show you what is involved in successfully recovering your files, and what steps and research are needed to decrypt or unlock them after a ransomware attack.
You’re the victim of a ransomware attack
You arrive at work and start noticing suspicious alerts coming from your servers, and none of the databases are functional. Your co-workers are frantic and cannot access any of their data. You investigate further and find that all of the files on your network have been renamed, discover ransom notes, and see a screen telling you to email someone if you want your data back. You finally realize that you are the victim of a ransomware attack, and all of your files are locked or encrypted.
3 Common Ways Your Files Were Encrypted or Locked
Ransomware succeeds when businesses have poor security hygiene. Organizations that lack policies & procedures around data security will have a higher risk of ransomware attacks. Here are some of the most common ways to fall victim to a ransomware attack:
Open Remote Desktop Protocol Ports (RDP)
Businesses with improperly configured network security may leave Remote Desktop Protocol (RDP), TCP port 3389, reachable from the internet. This is the equivalent of leaving the front door unlocked when you leave home: it gives attackers a way in with little deterrence, typically by guessing or brute-forcing passwords or by using credentials stolen elsewhere. Once an attacker has an RDP session on your network, they can install ransomware and additional back doors for returning later. A large percentage of ransomware attacks still use this method because so many organizations are not even aware that the port is exposed.
Phishing Emails
Ransomware can also enter your network through a malicious email campaign, known as a phishing attack. Ransomware operators use large networks of compromised internet-connected devices (botnets) to send phishing emails to unsuspecting victims. These emails try to trick the recipient into opening a malicious attachment or clicking a link, which silently installs the ransomware or a loader for other malware. Phishing emails are becoming harder to detect as criminals find clever ways to make them look legitimate, which underscores the importance of security awareness training for everyone in the organization, not just the IT department.
Compromised Passwords
The ransomware operators may also have used previously compromised passwords of your employees to gain unauthorized access to the network. This follows from the poor practice of reusing one password across multiple accounts and systems: if employees use old, weak or reused passwords to access business data, a criminal can take a password from an earlier breach elsewhere and log straight in. Always follow good password hygiene, and require multi-factor authentication on anything reachable from outside. The variety of attack vectors highlights the importance of a digital forensics investigation, which helps victims understand how the ransomware got onto their systems and what steps to take to close that hole.
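All three vectors above end with someone logging in over RDP who should not, and Windows records each attempt in the Security log: event 4625 for a failed logon, 4624 for a success, with LogonType 10 marking RDP (RemoteInteractive) sessions. The detector below is an added example, not from the original article or from Proven Data; the events are constructed records carrying only the fields the logic needs, the ten-failures-in-five-minutes threshold is an assumption, and the "internal" ranges are the RFC 1918 networks, which a real deployment would replace with its own address plan.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

REMOTE_INTERACTIVE = 10            # LogonType 10 = RDP (RemoteInteractive)
FAILED_LOGON, SUCCESS_LOGON = 4625, 4624
INTERNAL_NETS = [ipaddress.ip_network(n)          # assumption: RFC 1918 = "inside"
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def _event(minute, event_id, user, ip, logon_type=REMOTE_INTERACTIVE):
    """Minimal stand-in for a Security log record (constructed, not a real capture)."""
    return {"TimeCreated": datetime(2020, 8, 12, 2, minute, 0), "EventID": event_id,
            "LogonType": logon_type, "TargetUserName": user, "IpAddress": ip}


# Constructed events: a password-guessing burst from one internet address that
# eventually succeeds, a single successful external RDP logon with no failures
# (a reused stolen password), a normal internal RDP logon, and a console logon.
SAMPLE_EVENTS = (
    [_event(10 + i // 3, FAILED_LOGON, u, "198.51.100.23")
     for i, u in enumerate(["administrator", "admin", "backup", "scanner"] * 3)]
    + [_event(15, SUCCESS_LOGON, "jsmith", "198.51.100.23"),
       _event(40, SUCCESS_LOGON, "backup_svc", "203.0.113.50"),
       _event(45, SUCCESS_LOGON, "jsmith", "10.0.0.15"),
       _event(50, SUCCESS_LOGON, "jsmith", "10.0.0.15", logon_type=2)]
)


def detect_rdp_abuse(events, window=timedelta(minutes=5), threshold=10):
    """Group RDP events per source address and flag:
    brute_force               >= threshold failed logons inside `window`
    brute_force_then_success  the same, followed by a successful logon
    external_rdp_logon        a success from outside with no failures at all."""
    per_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        if ev["LogonType"] == REMOTE_INTERACTIVE:
            per_ip[ev["IpAddress"]].append(ev)

    alerts = {}
    for ip, evs in per_ip.items():
        fails = [e for e in evs if e["EventID"] == FAILED_LOGON]
        successes = [e for e in evs if e["EventID"] == SUCCESS_LOGON]
        burst = max(([f for f in fails[i:]
                      if f["TimeCreated"] - fails[i]["TimeCreated"] <= window]
                     for i in range(len(fails))), key=len, default=[])
        if len(burst) >= threshold:
            later = [s for s in successes if s["TimeCreated"] >= burst[0]["TimeCreated"]]
            alerts[ip] = {
                "kind": "brute_force_then_success" if later else "brute_force",
                "failures": len(burst),
                "users_tried": sorted({f["TargetUserName"] for f in burst}),
                "logged_in_as": later[0]["TargetUserName"] if later else None,
            }
        elif successes and not is_internal(ip):
            alerts[ip] = {"kind": "external_rdp_logon",
                          "logged_in_as": successes[0]["TargetUserName"]}
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_rdp_abuse(SAMPLE_EVENTS).items():
        print(ip, alert)
```

The `external_rdp_logon` case is the one the password-reuse vector produces: no noise, one clean logon from an address that has no business using RDP. That is why exposing 3389 at all is the real finding; the detector only tells you how long it has been exploited.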
4 Options for Ransomware Recovery
In this section, we cover the options to restore files encrypted or locked by ransomware.
1. Recover files with a backup
If your files have been encrypted in a ransomware attack, check for backups to restore from, in this order:
Off-site or offline backup. A backup stored in the cloud or offline is protected from the ransomware because it was not reachable at the time of the attack (provided the cloud copy was not simply a synced folder the ransomware could also write to).
Check your Volume Shadow Copies. Most ransomware deletes the Windows Volume Shadow Copies before encrypting (typically with vssadmin), but you might get lucky and find them intact.
Check your on-site backups. In most cases we see, on-site backup data has either been manually deleted by the attacker or encrypted along with everything else.
2. Recreate the data
Even though your files are encrypted by ransomware, you might be able to recreate the data from a variety of sources as outlined below:
Recreate the data from paper copies. When you have clean systems and physical copies of your data, you can re-enter the data manually from paper copies into your computers and servers.
Piece together data from email. Email exchanges are a good way to salvage some of your data from attachments.
Database mining. Some ransomware variants encrypt only part of a database or backup file, so usable records can be carved out of the untouched regions.
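Whether an on-site backup was actually encrypted, and whether a partially encrypted database still holds usable records, can both be answered by measuring byte entropy: cipher output sits close to 8 bits per byte, while text, CSV and database pages are far lower. The scanner below is an added example, not code from the original article or from Proven Data; the 4 KiB chunk size and 7.5-bit threshold are assumptions, and the sample file is a constructed CSV export whose first 64 KiB is replaced with pseudo-random bytes standing in for cipher output.

```python
import math
import random

CHUNK = 4096               # scan granularity (assumption)
ENCRYPTED_ENTROPY = 7.5    # bits/byte; cipher output is ~7.9+, records far lower


def shannon_entropy(data):
    """Bits of entropy per byte over the byte-value histogram of `data`."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def scan_regions(data, chunk=CHUNK, threshold=ENCRYPTED_ENTROPY):
    """Classify each chunk and merge neighbours into (offset, length, label) runs."""
    regions = []
    for off in range(0, len(data), chunk):
        blk = data[off:off + chunk]
        label = "encrypted" if shannon_entropy(blk) >= threshold else "plain"
        if regions and regions[-1][2] == label:
            o, length, _ = regions[-1]
            regions[-1] = (o, length + len(blk), label)
        else:
            regions.append((off, len(blk), label))
    return regions


def carve_lines(data, regions):
    """Return the complete newline-terminated records inside plain regions.
    A plain region that starts after ciphertext begins mid-record, and the
    final piece is either empty or unterminated, so both are discarded."""
    records = []
    for off, length, label in regions:
        if label != "plain":
            continue
        lines = data[off:off + length].split(b"\n")
        if off > 0:
            lines = lines[1:]
        records.extend(lines[:-1])
    return records


def build_sample():
    """Constructed 'database export' whose first 64 KiB was encrypted, modelling
    a variant that only touches the head of large files. Seeded pseudo-random
    bytes stand in for the cipher output so the example is deterministic."""
    plain = b"".join(b"%08d,customer_%d,active,2020-01-01\n" % (i, i) for i in range(4000))
    rng = random.Random(7)
    ciphertext_head = bytes(rng.getrandbits(8) for _ in range(65536))
    return ciphertext_head + plain[65536:]


if __name__ == "__main__":
    data = build_sample()
    regions = scan_regions(data)
    print(regions)
    print(len(carve_lines(data, regions)), "intact records")
```

Run the same scan over a backup set before assuming it is clean: a backup file whose chunks all read above the threshold was encrypted, even if the ransomware left the file name alone.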
3. Breaking the ransomware encryption
The harsh truth is that the majority of ransomware encryption cannot be broken. That is a hard fact for many to accept given the technological advances of our society. Does this mean you should skip investigating whether the encryption can be broken? No: this option should always be explored when a ransomware recovery firm offers it, although the final choice is yours. While it is rare, poorly implemented ransomware has been broken by security researchers: there can be flaws in the malware (predictable keys, keys left on disk, a reused keystream) or weaknesses in how the encryption is applied. If you can avoid paying a ransom, you should, and businesses should look at these options, especially when time is on their side. There are also free decryption resources that provide tools for ransomware variants that have already been broken. One real-life example from Proven Data shows why exploring this is worth it: a client had already hired a ransomware recovery company to recover their files when, at the very last moment, our analysis showed that the encryption was breakable. With less than 20 minutes to spare, we saved the client from paying a $450,000 ransom.
Why can’t most ransomware encryption be broken?
Ransomware is a cryptovirus: it combines malware with cryptography to lock your files. Modern cryptography uses well-studied algorithms and secret keys to encrypt and decrypt data. Typical ransomware encrypts each file with a symmetric cipher such as AES under a per-file or per-victim key, then wraps that key with the attacker's public key, so only the holder of the matching private key can recover the file keys. When strong encryption is used correctly, brute-forcing the key would take far longer than any practical timeframe on today's computers. Encryption was created as a defensive tool to provide confidentiality, integrity and authentication; sadly, ransomware attackers turn it into a weapon against innocent victims.
How do I know if the encryption can be broken?
Start with the free ID Ransomware identification service to gauge the feasibility of decryption: upload the ransom note and an encrypted sample file, and it will tell you whether a free decrypter exists or whether the variant is unknown. Note that the tool is not always 100% accurate. If the variant is still under analysis, you will need a malware or encryption analyst to determine whether decryption is possible. Encryption is designed to be unbreakable, which is why security researchers cannot simply build a universal ransomware decryption tool: the same algorithms protect bank accounts, trade secrets, government data and mobile communications, and a master tool that could break them would be a serious security problem in itself. When a decrypter does appear, what researchers exploited was a mistake in the malware's key handling, not the cipher.
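Why well-implemented ransomware cannot be broken, and why a decrypter occasionally appears anyway, comes down to the key. The toy below is an added example, not code from the original article, from Proven Data or from any real ransomware family: it uses a SHA-256 counter-mode keystream as a stand-in cipher (an assumption made to avoid dependencies), contrasts a key drawn from the OS random generator with a key derived from a 32-bit infection timestamp, and recovers the latter by trying every timestamp within two hours of the attack against the known 16-byte header of an SQLite file. The sample file, the infection time and the `weak-seed:` derivation are constructed.

```python
import hashlib
import os

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every SQLite file: known plaintext


def keystream_xor(key, data):
    """Toy stream cipher (SHA-256 in counter mode); real ransomware uses AES or
    ChaCha20, but the key-recovery argument below does not depend on the cipher."""
    out = bytearray(data)
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        for j in range(min(32, len(data) - i)):
            out[i + j] ^= block[j]
    return bytes(out)


def weak_key(infection_time):
    """Models malware that seeds its key from the clock in seconds: at most 2^32
    keys exist, and a defender who knows roughly when files were encrypted has
    to try only a few thousand of them. The derivation string is constructed."""
    return hashlib.sha256(b"weak-seed:" + int(infection_time).to_bytes(4, "big")).digest()


def strong_key():
    """256 bits from the OS CSPRNG: a search space of 2^256, which no one searches."""
    return os.urandom(32)


def recover_time_seeded_key(ciphertext, known_prefix, approx_time, window=7200):
    """Try every key the weak scheme could have produced within +/- window seconds
    of approx_time and keep the one that decrypts the known file header."""
    for ts in range(int(approx_time) - window, int(approx_time) + window):
        candidate = weak_key(ts)
        if keystream_xor(candidate, ciphertext[:len(known_prefix)]) == known_prefix:
            return candidate
    return None


# Constructed victim file and infection time (not real data).
SAMPLE_DB = SQLITE_MAGIC + b"\x10\x00\x01\x01\x00\x40\x20\x20" + b"customer records " * 64
INFECTION_TIME = 1597197600  # 2020-08-12 02:00:00 UTC


if __name__ == "__main__":
    ct = keystream_xor(weak_key(INFECTION_TIME), SAMPLE_DB)
    key = recover_time_seeded_key(ct, SQLITE_MAGIC, INFECTION_TIME + 1800)
    print("weak scheme recovered:", key is not None and keystream_xor(key, ct) == SAMPLE_DB)
    ct = keystream_xor(strong_key(), SAMPLE_DB)
    print("strong scheme recovered:", recover_time_seeded_key(ct, SQLITE_MAGIC, INFECTION_TIME + 1800) is not None)
```

The same search against the strong-key ciphertext returns nothing, and widening the window does not help: the key is simply not in any space small enough to enumerate. That is the distinction between "cryptographically secure" variants and the ones with a free decrypter.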
4. Paying the ransom to decrypt ransomware files
If the encryption is implemented correctly, the only way to obtain the decryption key for your files is to pay the ransom. Many ransomware victims do not have time on their side because they are facing significant business disruption: each minute that passes could mean a lost client, or worse for a medical organization. Here is a list of the most prevalent ransomware variants that are known to be “cryptographically secure,” meaning that Proven Data or the security community has confirmed that the encryption cannot be broken:
I don’t want to pay the hackers’ ransom.
Businesses and individuals can choose not to pay the ransom to regain access to their files. For personal, political or moral reasons there is widespread resentment of the ransomware economy, and victims are not obliged to take part in extortion. If paying the ransom turns out to be the only option, you should know what to expect before moving forward.
How a ransomware recovery specialist can help
If you do decide to use a ransomware recovery company, and if there is one thing you take away from this article, it is this: always question how a ransomware recovery company is recovering your data. If you are unsure, asking the right questions ensures a transparent experience:
How are you recovering my locked / encrypted data?
How much will ransomware recovery cost?
Do you have experience with this variant?
A ransomware recovery specialist can analyze your current situation and determine what options are available to you at the time of the inquiry. A competent and experienced ransomware recovery company should be able to provide the following:
Understanding the ransomware variant and what to expect
Malware analysis to determine if the encryption can be broken
Consultation on the attack vector which caused the attack and preventative methods
Digital currency readily available to facilitate the ransom payment expeditiously
Modification of non-functioning or poorly-functioning decryption programs that are causing delays in decrypting your files
Repairing damaged databases or files
Understanding how your files were affected by ransomware in the first place gives you the insight needed to prevent another attack. Whether you choose Proven Data or another company to decrypt your files, it is important to know what unknowns may be out there. The threat intelligence we have gathered from thousands of previous cases enables you to make informed decisions when restoring your data after a ransomware attack. If you need a company with that experience, we are standing by to assist 24/7.
Why is the RandomX algorithm being hyped to the moon?
TL;DR: don't assume the average return from mining RandomX will be higher than the current CryptonightR algorithm. Hold back your excitement for now. I think we all need to bring something to our attention. Over the last month, there have been so many topics and comments here on MoneroMining about the new 'RandomX' algorithm. This algorithm is supposed to be launched a couple of months from now. There are many questions like "is this a good hashrate for my CPU"? "What's your power usage on RandomX"? "How can I tune my CPU for RandomX"? "How would the algorithm perform on this hardware"? I think these are great constructive comments that are at the heart of what miners stand for. We miners love optimizing our rigs and educating ourselves on technological trends. But I've noticed many questions such as "what parts should I buy for a RandomX mining rig"? "Is an AMD Ryzen 9 3900x a good investment"? "What parts will give me the most profit when RandomX launches"? Many of these questions are asked with very little research. I think there's a gold fever brewing behind some of these comments. The kind of motives that have bankrupted many miners in the past bubbles. As we have seen in 2014 and 2018, anybody who enters the crypto industry with an 'I want easy profit' attitude almost always goes bankrupt. They buy coins or hardware at the peak of the bubble. Sometimes they get lucky and sell their coins or rigs right before the crash (only to get burned in a future bubble later). But most of the time, these new users lose most of their investment. As a veteran miner, a lot of alarm bells ring in my head when I read these kinds of RandomX hype posts. I have no reason to think CPU mining will be more profitable on RandomX than on the current CryptonightR.
If the new AMD CPUs are very efficient on RandomX, that just means more people will buy them, driving up the difficulty. Your shiny R9 3900x's profit will start falling because it's no longer as competitive against the other hardware on the network.
If the profits on day 1 of the RandomX launch are indeed high, more people will start adding rigs to the network. If the average miner's profit is above the equilibrium of the market, it will start going down. That equilibrium is largely set by botnets, large scale farms in China/Russia/Niagara Falls/Georgia, and datacenters with spare capacity. So if your R9 3900x earns $10/day on day 1, you can count on that golden streak ending soon.
CPU mining as a market is never stable. Your CPU rig is limited to just 1 or 2 coins: Monero and Veruscoin. Edit: there are a few more CPU coins than these. AMD GPUs can at least mine 3 or 4 coins well, while nVidia GPUs are the best at 5-10 different algorithms. GPU mining is a safer, less risky investment. GPU mining is like playing blackjack. Building a rig specifically for CPU mining is like tossing a coin. You're locked into one coin by building a CPU rig. Yes, it has resale value to gamers, but it's much harder to resell a MOBO combo than a bunch of GPUs at any price. Trust me, I've sold hundreds of GPUs and dozens of MOBOs before!
I don't know what the market share of CPUs vs. GPUs on CryptonightR is right now. But if most of the current nethash is made up of CPUs, these CPUs will have no choice but to switch to RandomX when it is out. There's no other coin for them to mine, unless they have some work to do outside of mining. So almost all of them will get onto the RandomX network, too, along with your expensive new CPU rig. I think this'll be the biggest factor driving up difficulty. Yes, the older CPUs might not be as efficient as the new Ryzens, but many of them are already paid for in terms of capital (like in a datacenter) or have free power (like in a botnet or apartment with free power).
You might say that Monero will always be profitable enough because it has survived so long, or the developers are better, or they're taking action against ASICs. But that doesn't necessarily guarantee profit. Monero might be a successful coin and overtake ETH, but that has nothing to do with profit on the network. Even though Bitcoin's really successful, you're guaranteed to lose money if you buy the latest Antminer and run it at residential power rates. Meanwhile, Dogecoin back in the day had awesome profits even though it was a blatant fork of LTC with few improvements.
Your new RandomX rig might look like it has decent "ROI" to you, but that doesn't mean it was the best investment. You might have been better off building a GPU rig and mining Grincoin or Ravencoin. I.E. if you build a RandomX rig, you're earning less profit for the same amount of capital invested. And even if you earn the same return, you still took a higher risk than if you built a GPU rig (see the point above).
In the GPU mining community, I have the feeling that there's a lot of resentment over the 2018 crypto recession and the whole 'ASIC miner invasion'. I think people here are feeling burned over their losses last year and the evil ASIC takeover, and want an opportunity for the little guy to start mining again. So we're falsely seeing the RandomX ray of hope as a floodlight, and getting overexcited. And in general, the ordinary person cannot make a significant, steady profit in the crypto mining industry. The guy who wrote that thread is very rich and even 100 GTX 1080 Ti's cost nothing to him. The reason he became wealthy is because he avoided get-rich-quick gimmicks back in the day (like the dotcom sites) and focused on learning technology for the future. Mining will not make you rich, and especially not RandomX coin tossing. If you love RandomX, build your rig now, keep benchmarking and undervolting and have fun at it. But if you just want profit, wait until RandomX is up and running. And consider all the risks involved with a new algorithm and commercial mining in general. So I hope we can all reconsider whether we're excited about RandomX for the right reasons. Let's try to avoid jumping to conclusions about profitability and hold off on the Newegg 'checkout' button. Even though 12 cores at 70 watts sounds awesome. Happy mining!
Vertcoin was created in 2014. It is a direct hedge against long-term mining consensus centralization on the Bitcoin mining network. Vertcoin achieves its mining consensus solely through graphics cards, as they are the most abundant and widely available consensus devices that produce a reasonable amount of hashrate. This is done using a mining algorithm that is deliberately geared against devices like ASICs, FPGAs and CPUs (the latter because of botnets), making them extremely inefficient. Consensus distribution over time is the most important aspect of a blockchain and should not be taken lightly. It is critical that you understand what blockchain specifications mean and do in order to fully understand Vertcoin.
When users of our network send each other Vertcoin, their transactions are secured by a process called mining. Miners compose a so-called block out of the pending transactions and must perform a large number of computations called hashes in order to produce the Proof-of-Work. With this Proof-of-Work the block is accepted by the network and the transactions in it become confirmed. Mining is essentially a race: whoever finds a valid Proof-of-Work and gets the block propagated to more than half of the Vertcoin network first wins and is allowed to pay themselves the block reward. The block reward is how new Vertcoin come into circulation. It started at 50 VTC when Vertcoin launched and halves every four years; the current block reward is 25 VTC.
Vertcoin's One Click Miner: https://github.com/vertcoin-project/One-Click-Minereleases
Learn more about mining here: https://vertcoin.org/mine/
Specification List:
· Launch date: Jan 11, 2014
· Consensus Mechanism: Proof-of-Work
· Total Supply: 84,000,000 Vertcoin
· Preferred Consensus Device: GPU
· Mining Algorithm: Lyra2REv3 (made by Vertcoin)
· Block time: 2.5 minutes
· SegWit: Activated
· Difficulty Adjustment Algorithm: Kimoto Gravity Well (every block)
· Block Halving: 4-year interval
· Initial Block Reward: 50 coins
· Current Block Reward: 25 coins
More spec information can be found here: https://vertcoin.org/specs-explained/
Why Does Vertcoin Use GPUs Then?
ASICs (Manufacturer Monopoly): if mining were just a spade then sure, use the most powerful equipment, which would be an ASIC. The problem is that ASICs are not widely available and happen to be controlled by a manufacturing monopoly in China. So you want the most widely available tool that produces a fair amount of hashrate, which currently is a graphics card. CPUs would be fine too, but unfortunately there is malware that takes over hundreds of thousands of computers to form botnets, and for consensus distribution those are almost as bad as ASICs.
Mining In Pools
Because mining is a race, it is difficult for an individual miner to acquire enough computational power to win it solo, hence the concept of pool mining. In pool mining, miners cooperate in finding the Proof-of-Work for a block and share the block reward in proportion to the work each contributed. Work is measured in so-called shares: a share is a Proof-of-Work that meets a much lower difficulty than the block requires, so shares are found frequently, and when one of the cooperating miners finds a Proof-of-Work that also meets the block difficulty, the reward is distributed according to the number of shares each miner submitted. Vertcoin always recommends using P2Pool to keep mining as decentralized as possible.
How Do I G
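The race described in the mining section and the share mechanism described here can be shown with a small proof-of-work loop. The code below is an added example and is not Vertcoin's own code: it substitutes double SHA-256 for Lyra2REv3, uses a constructed 80-byte header, and picks a share difficulty of 256 and a block difficulty of 4096 so that a block turns up within a second or so of CPU time; the proportional payout uses the 25 VTC block reward from the specification list.

```python
import hashlib
import struct


def sha256d(data):
    """Double SHA-256, used here in place of Vertcoin's Lyra2REv3 for simplicity."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def pow_hash(header, nonce):
    """Hash of the header with the nonce appended; the miner only varies the nonce."""
    return int.from_bytes(sha256d(header + struct.pack("<I", nonce)), "big")


def target(difficulty):
    """A hash meets a difficulty when it is below 2^256 / difficulty."""
    return (1 << 256) // difficulty


def mine_range(header, nonce_start, nonce_end, share_difficulty, block_difficulty):
    """Scan a nonce range as one pool worker would. Returns (shares, block_nonce):
    every hash below the share target is a share the pool credits to the worker;
    the rare hash that is also below the block target wins the block for the pool."""
    share_t, block_t = target(share_difficulty), target(block_difficulty)
    shares, block_nonce = 0, None
    for nonce in range(nonce_start, nonce_end):
        h = pow_hash(header, nonce)
        if h < share_t:
            shares += 1
            if h < block_t and block_nonce is None:
                block_nonce = nonce
    return shares, block_nonce


def split_reward(shares_by_miner, block_reward=25.0):
    """Proportional payout: block_reward * own shares / all shares."""
    total = sum(shares_by_miner.values())
    return {m: block_reward * s / total for m, s in shares_by_miner.items()}


# Constructed bytes standing in for a real 80-byte block header (assumption).
HEADER = b"vertcoin-example-block-header-" + bytes(range(50))


def simulate_pool(header=HEADER, share_difficulty=256, block_difficulty=4096):
    """Two workers each scan 25,000 nonces; the pool pays the reward by share count."""
    a_shares, a_block = mine_range(header, 0, 25000, share_difficulty, block_difficulty)
    b_shares, b_block = mine_range(header, 25000, 50000, share_difficulty, block_difficulty)
    return {
        "shares": {"worker_a": a_shares, "worker_b": b_shares},
        "block_nonce": a_block if a_block is not None else b_block,
        "payout": split_reward({"worker_a": a_shares, "worker_b": b_shares}),
    }


if __name__ == "__main__":
    print(simulate_pool())
```

With these parameters a worker expects one share per 256 hashes and the pool one block per 4096, so the share count, not the lucky block, is what measures each worker's contribution; on a real network the block difficulty is many orders of magnitude higher and a solo miner may never see a block at all.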