Protect The Network: Threat Intelligence - f5.com

Page 3

Threat intelligence: what is it and why is it important?

Page 4

• Security trends influenced by technology and geopolitical events

Page 12

Millions of attacks; billions of IoT devices.

Chart: Attacks by port comparison, January 1 to June 30, 2018 (monthly counts, January through June, for ports 22, 80 and 23).

Page 13

Chart: Attacks against ports used by IoT devices, January 1 to June 30, 2018 (monthly counts, January through June, for ports 23, 5060, 8080, 7547, 8291, 2323, 2222, 8081, 9200, 8090, 52869, 37777, 37215, 2332 and 2223).

Ports and the IoT device types that expose them:

Protocol   Service        Port    IoT device types
TCP        Telnet         23      All
TCP, UDP   Rockwell       2222    ICS
TCP, UDP   Rockwell       2223    ICS
TCP        Telnet         2323    All
TCP        Applications   2332    Gaming consoles
TCP, UDP   SIP            5060    VoIP phones, video conferencing
TCP, UDP   Secure SIP     5061    VoIP phones, video conferencing
TCP        TR069          7547    SOHO routers, gateways, CCTV
TCP        HTTP_Alt       8080    SOHO routers, smart sprinklers, ICS
TCP        HTTP_Alt       8081    DVRs
TCP        HTTP_Alt       8090    WebCams
TCP        Applications   8291    SOHO routers
UDP        WSP            9200    WAPs
TCP, UDP   UPnP           37215   SOHO routers
TCP        Applications   37777   DVRs
TCP        UPnP           52869   Wireless chipsets
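To make the port table above something a sensor can actually apply, here is an added example (my code, not F5's and not part of the deck): it parses constructed iptables/netfilter-style log lines, keeps only connections aimed at the ports in the table, tallies them per port, and reports which source addresses touched more than one IoT port, which is what separates a scanner from a single stray connection. The log format, the sample lines, the addresses and the function names are all assumptions.

```python
import re
from collections import Counter

# Port -> (service label, device types) exactly as the slide lists them.
IOT_PORTS = {
    23:    ("Telnet", "all device types"),
    2222:  ("Rockwell", "ICS"),
    2223:  ("Rockwell", "ICS"),
    2323:  ("Telnet", "all device types"),
    2332:  ("Applications", "gaming consoles"),
    5060:  ("SIP", "VoIP phones, video conferencing"),
    5061:  ("Secure SIP", "VoIP phones, video conferencing"),
    7547:  ("TR069", "SOHO routers, gateways, CCTV"),
    8080:  ("HTTP_Alt", "SOHO routers, smart sprinklers, ICS"),
    8081:  ("HTTP_Alt", "DVRs"),
    8090:  ("HTTP_Alt", "webcams"),
    8291:  ("Applications", "SOHO routers"),
    9200:  ("WSP", "WAPs"),
    37215: ("UPnP", "SOHO routers"),
    37777: ("Applications", "DVRs"),
    52869: ("UPnP", "wireless chipsets"),
}

# Constructed sample in iptables LOG-target style; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 12 01:02:03 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=45120 DPT=23 SYN
Jun 12 01:02:04 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=45121 DPT=2323 SYN
Jun 12 01:02:09 gw kernel: IN=eth0 SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=7547 SYN
Jun 12 01:02:11 gw kernel: IN=eth0 SRC=203.0.113.9 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=443 SYN
Jun 12 01:02:15 gw kernel: IN=eth0 SRC=203.0.113.12 DST=198.51.100.2 PROTO=UDP SPT=5060 DPT=5060
Jun 12 01:02:20 gw kernel: IN=eth0 SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=45122 DPT=37215 SYN
"""

LINE_RE = re.compile(r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")


def parse_line(line):
    """Return (src, proto, dst_port) for one log line, or None if it is not a netfilter line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("proto"), int(m.group("dpt"))


def summarize_iot_hits(log_text):
    """Count hits per IoT port and record which IoT ports each source touched."""
    per_port = Counter()
    per_src = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, _proto, dpt = parsed
        if dpt in IOT_PORTS:          # everything else (e.g. 443) is ignored
            per_port[dpt] += 1
            per_src.setdefault(src, set()).add(dpt)
    return per_port, per_src


def scanners(per_src, min_ports=2):
    """Sources that probed at least min_ports distinct IoT ports: scanning, not a one-off."""
    return sorted(src for src, ports in per_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    per_port, per_src = summarize_iot_hits(SAMPLE_LOG)
    for port, n in per_port.most_common():
        svc, devices = IOT_PORTS[port]
        print(f"port {port:5d} {svc:12s} {n} hit(s)  ({devices})")
    print("multi-port IoT scanners:", scanners(per_src))
```

A single hit on port 23 from one address is background noise on any Internet-facing sensor; the per-source view is what tells you an address is walking the IoT port list, and that is the set worth feeding into a block list or a honeypot redirect.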

Page 14

Chart: industry of the owners of the top attacking IPs, one pie per half-year.

Period                              Telecom / ISP   Hosting   Other
Q3 and Q4 2016                      70%             24%       Unknown, Online Gaming, Online Gambling (remainder)
Q1 and Q2 2017                      56%             44%
Q3 and Q4 2017                      84%             14%       Manufacturing (2%)
IoT v5 (Digital Only, 8/20/2018)    60%             16%       Unknown (24%)

Page 15

Top 50 Attacking IPs

• July 1 – Dec 31, 2017
• 36/50 China
• 74% of IPs seen attacking prior
• 66% of IPs have been consistently attacking for 2 years!

In the "New?" column, "IoT v1,2,3" means the IP already appeared in those earlier volumes of the report (37 of the 50 were seen before, 33 of them in all three volumes, which is where the 74% and 66% come from).

Pos  IP               IP owner                                     Country          ASN        New?
1    116.31.116.21    ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
2    58.218.198.160   ChinaNet                                     China            AS4134     IoT v1,2,3
3    58.218.198.162   ChinaNet                                     China            AS4134     IoT v1,2,3
4    193.201.224.109  PE Tetyana Mysyk                             Ukraine          AS25092    New
5    58.218.198.161   ChinaNet                                     China            AS4134     IoT v1,2,3
6    218.65.30.156    ChinaNet                                     China            AS4134     IoT v1,2,3
7    58.218.198.156   ChinaNet                                     China            AS4134     IoT v1,2,3
8    113.195.145.52   China Unicom China169 Backbone               China            AS4837     IoT v1,2,3
9    116.31.116.7     ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
10   58.218.198.155   ChinaNet                                     China            AS4134     IoT v1,2,3
11   58.218.198.145   ChinaNet                                     China            AS4134     IoT v1,2,3
12   116.31.116.41    ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
13   116.31.116.17    ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
14   182.100.67.252   ChinaNet                                     China            AS4134     IoT v1,2,3
15   58.218.198.169   ChinaNet                                     China            AS4134     IoT v1,2,3
16   113.195.145.21   China Unicom China169 Backbone               China            AS4837     IoT v1,2,3
17   91.195.103.188   Global Layer B.V.                            Czech Republic   AS57172    New
18   116.31.116.18    ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
19   193.201.224.232  PE Tetyana Mysyk                             Ukraine          AS25092    New
20   91.195.103.189   Global Layer B.V.                            Czech Republic   AS57172    New
21   58.242.83.9      China Unicom China169 Backbone               China            AS4837     IoT v1
22   91.197.232.109   Planet Telecom Ltd.                          UK               AS43715    New
23   123.249.24.199   ChinaNet                                     China            AS4134     IoT v1,2,3
24   61.177.172.60    ChinaNet                                     China            AS4134     IoT v1,2,3
25   116.31.116.33    ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
26   116.31.116.27    ChinaNet Guangdong Province Network          China            AS134764   IoT v1,2,3
27   58.242.83.8      China Unicom China169 Backbone               China            AS4837     IoT v1
28   195.22.127.83    Sprint S.A.                                  Poland           AS197226   New
29   58.218.198.148   ChinaNet                                     China            AS4134     IoT v1,2,3
30   58.218.198.165   ChinaNet                                     China            AS4134     IoT v1,2,3
31   61.177.172.66    ChinaNet                                     China            AS4134     IoT v1,2,3
32   107.0.106.213    Comcast Cable Communications                 U.S.             AS7922     IoT v1
33   59.45.175.4      ChinaNet                                     China            AS4134     IoT v1,2,3
34   58.57.65.113     ChinaNet                                     China            AS4134     IoT v1,2,3
35   217.9.237.9      Blizoo Media and Broadband                   Bulgaria         AS13124    New
36   58.218.198.175   ChinaNet                                     China            AS4134     IoT v1,2,3
37   91.197.232.107   Planet Telecom Ltd.                          UK               AS43715    New
38   190.214.22.242   CORPORACION NACIONAL DE TELECOMUNICACIONES   Ecuador          AS28006    New
39   58.218.198.150   ChinaNet                                     China            AS4134     IoT v1,2,3
40   58.218.198.170   ChinaNet                                     China            AS4134     IoT v1,2,3
41   51.254.34.30     OVH SAS                                      France           AS16276    IoT v2
42   123.249.24.160   ChinaNet                                     China            AS4134     IoT v1,2,3
43   58.218.198.172   ChinaNet                                     China            AS4134     IoT v1,2,3
44   58.218.198.141   ChinaNet                                     China            AS4134     IoT v1,2,3
45   46.37.24.118     Aruba S.p.A.                                 Italy            AS31034    New
46   58.57.65.114     ChinaNet                                     China            AS4134     IoT v1,2,3
47   203.91.121.73    DRAGONLAB                                    China            AS24575    New
48   155.133.16.246   TralNet Pawel Cichocki                       Poland           AS200642   New
49   58.218.198.158   ChinaNet                                     China            AS4134     IoT v1,2,3
50   184.106.219.63   Rackspace Hosting                            U.S.             AS19994    New

Page 16

Top 50 Attacking IPs

• Jan 1 – June 30, 2018
• ALL NEW!
• Introduction of Iran and Iraq IPs

Pos  IP               IP owner                              Industry        Country     ASN
1    185.140.242.49   Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
2    185.140.242.96   Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
3    185.140.242.81   Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
4    185.140.243.12   Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
5    185.140.100.233  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
6    185.140.102.190  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
7    185.140.243.95   Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
8    185.140.100.120  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
9    185.140.101.69   Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
10   167.99.83.206    DigitalOcean, LLC                     Hosting         UK          AS14061
11   185.140.100.9    Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
12   185.140.241.64   Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
13   163.177.152.14   China Unicom Guangdong IP network     Telecom / ISP   China       AS136959
14   218.63.110.81    ChinaNet-YN                           Telecom / ISP   China
15   185.140.103.228  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
16   185.140.192.41   Layth Zuhair Zahid                    Unknown         Iraq        AS203257
17   185.140.243.111  Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
18   185.140.192.9    Layth Zuhair Zahid                    Unknown         Iraq        AS203257
19   103.51.35.206    Sky Tele Ventures                     Telecom / ISP   India
20   185.140.101.5    Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
21   222.73.254.215   ChinaNet-SH                           Telecom / ISP   China
22   185.140.102.156  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
23   185.140.101.150  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
24   185.140.101.121  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
25   185.55.65.59     IntegraDesign, Mariusz Barczyk        Hosting         Poland      AS61154
26   185.140.101.75   Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
27   185.55.1.6       Iskratelecom CJSC                     Telecom / ISP   Russia      AS29124
28   185.55.64.183    IntegraDesign, Mariusz Barczyk        Hosting         Poland      AS61154
29   185.140.101.96   Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
30   185.140.102.164  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
31   174.141.164.8    Hotwire Communications                Telecom / ISP   US          AS23089
32   181.20.197.168   Telefonica de Argentina               Telecom / ISP   Argentina
33   185.140.102.249  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
34   185.140.161.237  LANTA Ltd                             Telecom / ISP   Russia      AS41268
35   67.205.178.243   DigitalOcean, LLC                     Hosting         US          AS14061
36   185.140.194.206  Layth Zuhair Zahid                    Unknown         Iraq        AS203257
37   185.55.202.92    Orion Digital Services Ltd.           Telecom / ISP   Ireland     AS60155
38   185.140.192.40   Layth Zuhair Zahid                    Unknown         Iraq        AS203257
39   121.23.244.192   China Unicom                          Telecom / ISP   China
40   185.140.102.168  Daniel Wojda trading as Netservice    Telecom / ISP   Poland      AS203272
41   167.99.1.222     DigitalOcean, LLC                     Hosting         US          AS14061
42   185.140.242.100  Farakam Rayan Kish Co. (Ltd.)         Unknown         Iran        AS56815
43   67.205.186.38    DigitalOcean, LLC                     Hosting         US          AS14061
44   185.140.215.116  Durcatel CB                           Telecom / ISP   Spain       AS60807
45   222.161.223.54   China Unicom-JL                       Telecom / ISP   China
46   188.187.188.76   ER-Telecom                            Telecom / ISP   Russia      AS41786
47   50.5.135.150     Fuse Internet Access                  Telecom / ISP   US          AS6181
48   188.166.151.126  DigitalOcean, LLC                     Hosting         UK          AS14061
49   185.12.179.208   Aruba Cloud Network                   Hosting         Germany
50   212.31.113.119   Cyprus Telecommunications Authority   Telecom / ISP   Cyprus      AS6866
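The two top-50 lists above are indicator lists, and the useful operations on them are the ones the slides imply: check whether the new period repeats any address from the old one ("ALL NEW!"), see which ASNs and /24s the addresses cluster in (most of the 2018 list sits in a few 185.140.0.0/16 ranges owned by three different organisations), and match what your own sensors see against both the exact addresses and the prefixes they belong to. Here is an added example of those three steps (my code, not F5's and not from the deck). The row subsets are transcribed from the slides; the observed source addresses, the function names and the /24 choice are assumptions.

```python
import ipaddress
from collections import Counter

# Subset of the Jul 1 - Dec 31, 2017 top-50 list: (ip, owner, asn or None).
TOP_ATTACKERS_2H2017 = [
    ("116.31.116.21",   "ChinaNet Guangdong Province Network", "AS134764"),
    ("58.218.198.160",  "ChinaNet", "AS4134"),
    ("193.201.224.109", "PE Tetyana Mysyk", "AS25092"),
    ("51.254.34.30",    "OVH SAS", "AS16276"),
]

# Subset of the Jan 1 - Jun 30, 2018 top-50 list.
TOP_ATTACKERS_1H2018 = [
    ("185.140.242.49",  "Farakam Rayan Kish Co. (Ltd.)", "AS56815"),
    ("185.140.242.96",  "Farakam Rayan Kish Co. (Ltd.)", "AS56815"),
    ("185.140.243.12",  "Farakam Rayan Kish Co. (Ltd.)", "AS56815"),
    ("185.140.100.233", "Daniel Wojda trading as Netservice", "AS203272"),
    ("185.140.102.190", "Daniel Wojda trading as Netservice", "AS203272"),
    ("185.140.101.69",  "Daniel Wojda trading as Netservice", "AS203272"),
    ("167.99.83.206",   "DigitalOcean, LLC", "AS14061"),
    ("218.63.110.81",   "ChinaNet-YN", None),            # slide gives no ASN
    ("185.140.192.41",  "Layth Zuhair Zahid", "AS203257"),
]


def repeat_offenders(previous, current):
    """Addresses present in both periods (empty here, matching the slide's 'ALL NEW!')."""
    return {ip for ip, _, _ in previous} & {ip for ip, _, _ in current}


def by_asn(rows):
    """Listed IPs per ASN; rows the slide gives without an ASN are grouped as 'unknown'."""
    return Counter(asn or "unknown" for _, _, asn in rows)


def covering_prefixes(rows, prefixlen=24):
    """Collapse the listed IPs into the /prefixlen networks that contain them."""
    nets = {ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False) for ip, _, _ in rows}
    return sorted(nets, key=lambda n: int(n.network_address))


def match_sources(src_ips, rows, prefixlen=24):
    """'exact' for a listed address, 'prefix' for a neighbour in a covering /24, else None."""
    exact = {ip for ip, _, _ in rows}
    nets = covering_prefixes(rows, prefixlen)
    result = {}
    for src in src_ips:
        if src in exact:
            result[src] = "exact"
            continue
        addr = ipaddress.ip_address(src)
        result[src] = "prefix" if any(addr in n for n in nets) else None
    return result


# Constructed sample of source addresses seen at a sensor (not from the slide).
OBSERVED = ["185.140.242.49", "185.140.242.77", "185.140.101.200", "198.51.100.9"]

if __name__ == "__main__":
    print("repeat offenders:", repeat_offenders(TOP_ATTACKERS_2H2017, TOP_ATTACKERS_1H2018))
    for asn, n in by_asn(TOP_ATTACKERS_1H2018).most_common():
        print(f"{asn:9s} {n} listed IP(s)")
    print("covering /24s:", [str(n) for n in covering_prefixes(TOP_ATTACKERS_1H2018)])
    print(match_sources(OBSERVED, TOP_ATTACKERS_1H2018))
```

A "prefix" match is a weaker signal than an "exact" one and blocking on it has collateral cost, so treat it as a reason to look, not a reason to drop. Going wider than /24 is not justified by the data: the 185.140 addresses on the slide belong to Farakam Rayan Kish, Netservice and Layth Zuhair Zahid, three separate owners in three countries, so a /16 rule would be a guess about address space the list says nothing about.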

Page 17

~87% of credentials: username = password

Username     Password
support      support
root         root
admin        admin123
ubnt         ubnt
usuario      usuario
service      service
pi           raspberry
user         user
guest        guest
test         test
supervisor   supervisor
git          git
0            0
ftp          ftp
operator     operator
oracle       oracle
osmc         osmc
ubuntu       ubuntu
default      1
monitor      monitor
postgres     postgres
nagios       nagios
1111         1111
api          api

Username     Password
10101        10101
dbadmin      admin
butter       xuelp123
ftpuser      asteriskftp
PlcmSpIp     PlcmSpIp
tomcat       tomcat
hadoop       hadoop
mysql        mysql
vagrant      vagrant
jenkins      jenkins
www          www
a            a
apache       apache
minecraft    minecraft
testuser     testuser
ts3          ts3
backup       backup
vnc          vnc
deploy       deploy
odoo         odoo
user1        user1
alex         alex
zabbix       zabbix

Username     Password
root         root
support      support
admin        admin123
ubnt         ubnt
service      service
usuario      usuario
pi           raspberry
user         user
test         test
guest        guest
oracle       oracle
operator     operator
supervisor   supervisor
ftp          ftp
git          git
ubuntu       ubuntu
nagios       nagios
postgres     postgres
uucp         uucp
Admin        admin
ftpuser      asteriskftp
Root1234     <Any Pass>

Username     Password
tomcat       tomcat
PlcmSpIp     PlcmSpIp
sshd         sshd
monitor      monitor
butter       xuelp123
mysql        mysql
hadoop       hadoop
user1        user1
cisco        cisco
vagrant      vagrant
101          101
ts3          ts3
apache       apache
telnet       telnet
jenkins      jenkins
Management   TestingR2
www          www
zabbix       zabbix
backup       backup
anonymous    any@
a            a
osmc         osmc

“Equifax breach in Argentina”
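The credential lists above are what the attackers try first, so the practical check is the inverse: run your own device and service accounts against the same patterns before they do. Here is an added example (my code, not F5's and not part of the deck) that recomputes the username-equals-password share from the two right-hand columns of the slide, then audits a constructed set of accounts for the three things those columns show: password identical to the username (case-insensitively, so "Admin"/"admin" counts), password that is the username plus digits ("admin"/"admin123"), and a pair that appears verbatim in the attacker list. The sample accounts and the function names are assumptions.

```python
# Username/password pairs transcribed from the slide's two right-hand columns (44 pairs).
SLIDE_CREDENTIALS = [
    ("root", "root"), ("support", "support"), ("admin", "admin123"), ("ubnt", "ubnt"),
    ("service", "service"), ("usuario", "usuario"), ("pi", "raspberry"), ("user", "user"),
    ("test", "test"), ("guest", "guest"), ("oracle", "oracle"), ("operator", "operator"),
    ("supervisor", "supervisor"), ("ftp", "ftp"), ("git", "git"), ("ubuntu", "ubuntu"),
    ("nagios", "nagios"), ("postgres", "postgres"), ("uucp", "uucp"), ("Admin", "admin"),
    ("ftpuser", "asteriskftp"), ("Root1234", "<Any Pass>"),
    ("tomcat", "tomcat"), ("PlcmSpIp", "PlcmSpIp"), ("sshd", "sshd"), ("monitor", "monitor"),
    ("butter", "xuelp123"), ("mysql", "mysql"), ("hadoop", "hadoop"), ("user1", "user1"),
    ("cisco", "cisco"), ("vagrant", "vagrant"), ("101", "101"), ("ts3", "ts3"),
    ("apache", "apache"), ("telnet", "telnet"), ("jenkins", "jenkins"), ("Management", "TestingR2"),
    ("www", "www"), ("zabbix", "zabbix"), ("backup", "backup"), ("anonymous", "any@"),
    ("a", "a"), ("osmc", "osmc"),
]


def username_equals_password_share(pairs):
    """Fraction of pairs whose password is the username, compared case-insensitively."""
    same = sum(1 for u, p in pairs if u.lower() == p.lower())
    return same / len(pairs)


def weakness_reasons(username, password, known=SLIDE_CREDENTIALS):
    """Reasons a credential would fall to the attacker list on the slide; [] if none fired."""
    reasons = []
    u, p = username.lower(), password.lower()
    if p == u:
        reasons.append("password equals username")
    elif p.startswith(u) and p[len(u):].isdigit():
        reasons.append("password is username plus digits")
    if any(ku.lower() == u and kp.lower() == p for ku, kp in known):
        reasons.append("pair appears in attacker default-credential list")
    return reasons


def audit(accounts, known=SLIDE_CREDENTIALS):
    """Map each flagged username to its reasons; clean accounts are left out."""
    flagged = {}
    for username, password in accounts:
        reasons = weakness_reasons(username, password, known)
        if reasons:
            flagged[username] = reasons
    return flagged


# Constructed sample of accounts pulled from a device or service config (not from the slide).
DEVICE_ACCOUNTS = [
    ("root", "root"),
    ("pi", "raspberry"),
    ("ops", "ops2019"),
    ("deploy", "vN2#qL8!wR4t"),
]

if __name__ == "__main__":
    share = username_equals_password_share(SLIDE_CREDENTIALS)
    print(f"username == password in {share:.0%} of the slide's pairs")
    for user, reasons in audit(DEVICE_ACCOUNTS).items():
        print(f"{user}: " + "; ".join(reasons))
```

The share comes out a few points under the slide's ~87% because only the two right-hand columns are transcribed here. Note that "deploy" passes only because its password is unrelated to the username and not on the list; the check says nothing about password strength beyond that, and an account such as "Root1234" accepting any password is a firmware defect no credential audit can fix.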

Page 18

• Re-route
• Monitor
• Listen
• Take offline
• Disrupt operations / communications

This goes beyond cyber into life impact

• Disrupt flow
• Disable
• Mess with data
• Did you know we have hydrogen cars?
