An ominous forecast from Cisco’s just-released Midyear Cyber Security Report has identified what it says is a new and emerging security threat: the Destruction of Service (DeOS).
The report says attackers could be using IoT botnets to “lay the foundation for a wide-reaching, high impact attack that could potentially disrupt the Internet itself.”
Internet disruption aside, the report warns that a DeOS attack on an organisation “could be far more damaging than current attack methods, leaving businesses with no way to recover.”
Cisco says the perpetrator of a DeOS attack will seek to eliminate the ‘safety net’ that organisations rely on to restore their systems and data following malware infestations, a ransomware campaign, or any other cyber incident that severely disrupts their operations.
IoT security has long been characterised as an arms race, and Cisco’s latest assessment seems to be that the bad guys are gaining ground. “We expect that defenders will struggle to maintain ground as the IoT expands,” the report says.
“Adversaries are devising high-impact, well-planned attacks that are designed to prevent any organisation, big or small, from operating. They know that no business has a contingency plan that outlines how to rebuild all their IT or OT from scratch, and they are determined to use that weakness to their advantage.”
The report offers no further insights into the nature of DeOS attacks but says “What we can be sure of is that the emerging Internet of Things (IoT), and its myriad devices and systems with security weaknesses ripe for exploitation, will play a central role in enabling these campaigns of escalating impact.” The IoT world, Cisco says, is “rampant with vulnerabilities—known and unknown.”
Among the many security issues around IoT, the report singles out Windows XP as a particular problem, noting that it is “a primary underlying system for operational technology in healthcare, energy, manufacturing, and other verticals” that is no longer actively supported by Microsoft, and that it is extremely difficult and costly for businesses to update mission-critical devices that run XP.
It details two attacks on hospital systems that used Windows XP devices and were detected by TrapX, a company whose technology is designed to deceive would-be attackers with decoys that imitate their IT assets.
In one, attackers compromised a Windows XP-based MRI system. “They found patient data on the system, but soon realised there was opportunity to move laterally to gain control of the hospital’s PACS systems [used to centralise and archive patient records and other critical information]. Forensics research of the attack showed the adversaries had been able to operate in the hospital’s network for more than 10 months.”
In another, the attackers exploited a Windows XP oncology system, infected three machines (one of which was used to control a powerful laser), and turned one into a botnet master that spread malware across the hospital network.
On a more positive note, the report says governments have a clear opportunity to help technology developers build a safer IoT world, but they need to start changing their practices and move toward greater transparency.
The report adds: “Technology developers, meanwhile, should press for the creation of reporting mechanisms that acknowledge government incentives to collect exploits but also encourage timely reporting and information sharing.”