News


Botnets, zombies and industrial security

January 2016 News

“A ‘bot’, short for robot, is a type of software application that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. The compromised machine may also be referred to as a ‘zombie’. A collection of these infected computers is known as a ‘botnet’.”– nacha.org.

Revolution - Eric Knapp, global director cyber security solutions, Honeywell Process Solutions

The ‘Internet of Things’ is exploding. Our IoT world is growing at a breath-taking pace, from two billion objects in 2006 to a projected 200 billion by 2020. That will be around 26 smart objects for every human being on Earth!

The image on this page is neither a virus, nor a cross-section of a zombie brain, it is a map of the Internet representing well over three billion connected users. Each user is represented by several devices e.g. they have a personal PC, business laptop, a smartphone, etc. The number of devices is growing at an exponential rate. The Internet is becoming ubiquitous. It is becoming pervasive. Some might say it’s even becoming invasive.

A guide to industrial cyber espionage

As the Internet surged into our personal and business lives, a threat followed hot on its heels – a threat to our privacy and safety.

In 2010 (http://www.instrumentation.co.za/article.aspx?pklarticleid=6957) Stuxnet struck the industrial cybersecurity gong. At the time, it was ground-breaking ... it was another revolution. Simple viruses gave way to complex, sophisticated, intelligent malware that was able to penetrate an air gapped network, infect logic controllers in a very targeted and precise way and manipulate industrial control processes in such a way that it caused physical damage. It caused a significant setback to the Iranian nuclear programme.

In June 2014 (http://www.instrumentation.co.za/8303a) a cyber espionage group, widely known as ‘Dragonfly’, actively targeted energy suppliers in predominantly Western countries. Dragonfly stole a lot of information. We are still not sure exactly how much information they stole or why they stole it. Unlike a lot of stolen information, this particular intellectual property has not surfaced yet. We don’t know why anyone took it. It could have been an academic exercise or it could be something much more sinister.

Why does the cyber threat exist?

The answer is simple. It’s about money. It is not about Euros or Dollars or Yen. It’s about Bitcoins – virtual currencies that have evolved in the digital age to allow anonymous transactions – transactions of the type where you can do almost anything:

• You can buy information if you need it.

• If you cannot create the malware yourself, you can have somebody else create it for you as a ‘service’.

• If you cannot access the network you need, you can buy your way in.

Personal cyber espionage – Raj Samani, chief technology officer (EMEA), Intel Security and advisor to The Europol Cyber Crime Force

What McAfee decided to do was test the allegations made in the paragraph above. One of the questions asked was, “What happens to the data after it is stolen?”

A research team conducted a study called ‘The Hidden Data Economy’ with the goal of understanding:

1. What happens after a data breach?

2. Does the data actually become available for selling?

3. If so, what data becomes available?

When the team started the research they expected to find credit card details. When they published the research the feedback that they received most often was, “You’re being ripped off. I can buy credit cards much cheaper than you.”

But, how does one know the services being offered are ‘trustworthy’? It is like any modern online business. If one buys a stolen credit card and it does not work, don’t worry, because you’ll get a free replacement.

One particular criminal enterprise investigated was offering a free customer service chat window, just in case you didn’t know how to perform the hack yourself – a criminal syndicate that actually gives you a free help desk!

Industrial espionage – understanding the adversary

Not only are vulnerabilities and direct access into the IT networks of large organisations being sold, but criminals are also selling direct access into operational technology.

First of all, we are up against an adversary who hacks and then provides that information to anybody willing to pay. An example is Cryptowall – a form of ransomware. If a computer is infected, the ransomware will encrypt all of the data on the computer. Not only that, it will also encrypt all of the data that you are connected to. So, if a computer uses shared drives and is connected to a company’s servers, it will encrypt those files as well.

To de-crypt that information, i.e. to get the data back, the user has to pay a ransom, somewhere in the region of about two Bitcoins (approximately US$400-500). A recent study showed that the Cryptowall Version 3 (by itself) netted the criminals US$235 million – a very conservative estimate. Since the research was completed it is estimated that the revenue could have doubled or tripled. That is just the revenue from Cryptowall Version 3.0.

The full article can be viewed at http://instrumentation.co.za/+J462



Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Reinstatement opportunity for ECSA registration
News
In 2023 the Engineering Council of South Africa (ECSA) announced a special opportunity for engineers in South Africa to reinstate their registration status if it had been cancelled. This exclusive offer is available until the end of August 2024.

Read more...
Comtest calibration user group seminar
Comtest News
Comtest invites metrology and calibration professionals to a focused technical seminar series aimed at demystifying some of the most common hurdles in inter-laboratory comparisons.

Read more...
Functional safety explained
News
The SAIMC supports Pepperl+Fuchs, a National Member, in a free four-part online seminar series focused on Functional Safety.

Read more...
The Future of manufacturing in Africa
News
The future and development of African manufacturing will be discussed extensively at the upcoming Manufacturing Indaba conference, to be hosted on 15 to 16 July 2025 at Johannesburg’s Sandton Convention Centre.

Read more...
Hot topics at IFAT Africa and analytica Lab Africa 2025
News
Burning issues such as climate-smart infrastructure, sustainability in waste and water management, the circular economy and Extended Producer Responsibility will come under discussion at the three-day conference and forum presented by analytica Lab Africa and IFAT Africa at Gallagher Convention Centre in Midrand, Johannesburg from 8 to 10 July 2025.

Read more...
RS South Africa showcases industrial solutions at MTE Phalaborwa
News
RS South Africa recently showcased its latest industrial and electronic solutions at the Mining and Technical Exhibition in Phalaborwa in Limpopo.

Read more...
Specialised Exhibitions appoints Joshua Low as commercial director for Africa
News
Specialised Exhibitions has appointed Joshua Low as commercial director for Africa. This strategic addition to the leadership team comes as Specialised Exhibitions embarks on an ambitious phase of growth across the African continent.

Read more...
WearCheck earns Dissolved Gas Analysis accreditation
Wearcheck News
WearCheck is now accredited to perform Dissolved Gas Analysis for transformers, following a recent assessment by SANAS.

Read more...
From the editor's desk: Riding the hype cycle
Technews Publishing (SA Instrumentation & Control) News
The other day I came across an entertaining article on the ten biggest tech failures of the last decade. Google Glass, 3D TV and Elon Musk’s hyperloop have faded into obscurity. Others, like the metaverse, ...

Read more...
STEMulator – a gift to the youth of the nation
Editor's Choice News
STEMulator is a groundbreaking virtual platform designed to ignite the spark of curiosity in young minds and stimulate their interest in STEM subjects.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved