Story image

IoT bank attacks on show at INTERPOL's Digital Security Challenge

23 Feb 2018

Cybercrime experts from 23 countries including regions in Asia , Africa, Europe, the Middle East and South America converged in Vienna, Austria this week as part of INTERPOL’s Digital Security Challenge event.

This is the first year the event has been held in Vienna, as the last two challenges were previously held in Singapore.

The event presented a simulated cyber attack on a bank, which was launched through an IoT device. The criminals attempted to steal large sums of money.

Investigators analysed the bank’s computers to identify the date, time and files that were compromised by the criminals.

They discovered that a hacked webcam was the source of the attack. The webcam sent an email attachment that contained the malware.

Teams then had to identify the command and control center that was used to remotely control the webcam and conduct the attack. They also found a second command and control center, as well as bank server vulnerabilities.

According to Interpol’s executive director of the Global Complex for Innovation, Noboru Nakatani, the entire simulation was a learning experience for how to conduct real-world investigations more effectively.

“The ever-changing world of cybercrime is constantly presenting new challenges for law enforcement, but we cannot successfully counter them by working in isolation,” Nakatani states.

Interpol believes that cyber attacks that leverage IoT devices have increased ‘significantly’ in the last two years, according to reports from the private cybersecurity industry.

The Mirai botnet from 2016 was one of the most prevalent cases of IoT device infection, which hits tens of thousands of devices.

“A multi-stakeholder approach which engages the expertise of the private sector is essential for anticipating new threats and ensuring police have access to the technology and knowledge necessary to detect and investigate cyberattacks,” Nakatani continues.

Kozo Matsuo, vice president of cyber security from technology firm NEC, says the company supported the event by delivering a lecture on IoT botnets. He says the company was proud to help strengthen international security measures.

“NEC has contributed as a strategic partner to INTERPOL’s commitment to improve the cybersecurity skills of investigators throughout the world. For the third year, NEC is honored to have helped develop the Digital Security Challenge by providing our expertise at this cutting-edge event,” Matsuo says.

NEC has been working with Interpol to support cybercrime investigations since 2012. The Cyber Defense Institute also supported the Digital Security Challenge.

Interpol also offers the following tips for safeguarding IoT devices:

  • Change the factory default passwords – these can be the same for hundreds or thousands of devices, making it easy for criminals to hack;
  • Regularly update all software;
  • Disable features which allow the device to be accessed remotely;
  • Take extra care when buying used devices – you don’t know what the previous owner installed on the device.
Forget endpoints—it’s time to secure people instead
Security used to be much simpler: employees would log in to their PC at the beginning of the working day and log off at the end. That PC wasn’t going anywhere, as it was way too heavy to lug around.
DimData: Fear finally setting in amongst vulnerable orgs
New data ranking the ‘cybermaturity’ of organisations reveals the most commonly targeted sectors are also the most prepared to deal with the ever-evolving threat landscape.
IXUP goes "post-quantum" with security tech upgrade
The secure analytics company has also partnered with Deloitte as a reseller, and launched a SaaS offering on Microsoft Azure.
ExtraHop’s new partner program for enterprise security
New accreditations and partner portal enable channel partners to fast-track their expertise and build their security businesses.
Hackers increasingly ‘island hopping’ – so what does it mean?
Carbon Black's Rick McElroy discusses this new trend and what it means for the new age of cybercrime.
Trust without visibility is blind – Avi Networks
Enterprises are wanting to gain the trust of their customers, but are often found blindly defending themselves.
How to avoid becoming a cryptojacking victim - Bitglass
Large-scale cryptojacking is a lucrative business due to the popularity and value of cryptocurrencies like Bitcoin and Ethereum.
Symantec, Ixia combine efforts to secure hybrid networks
Ixia’s CloudLens and Symantec Security Analytics now feature complete integration, which allows Symantec customers to gain real-time visibility into their hybrid cloud environments.