Class 7- XIoT and Botnets.pptx

Instructor: Junior Williams
Class 9- XIoT Botnets and Related Technologies
Madhusha (Maddy) Nanayakkara

Introduction to IoT, OT, and XIoT
IoT refers to Internet of Things, a network of physical objects embedded with
sensors and software to connect and exchange data over the internet
OT refers to Operational Technology, hardware and software used to monitor
and control physical processes and devices
XIoT refers to Extended Internet of Things, encompassing IoT, OT, and other
cyber-physical systems like medical devices

Overview of IoT
• Connects everyday objects like appliances,
vehicles, lights, etc. to the internet via
embedded sensors and software
• Enables objects to collect and exchange data,
becoming "smart" devices
• Provides automation, analysis, integration of
physical world into computer systems
• Applications across many industries like
manufacturing, transportation, healthcare, etc.

IoT Components
• Sensors collect data
• Connectivity via
networks
• Software for analytics

IoT Communication
Protocols
IoT Communication Protocols
• MQTT - lightweight publish-subscribe protocol
• CoAP - web transfer protocol for constrained
nodes
• AMQP - asynchronous messaging protocol
• DDS - data-centric publish-subscribe protocol
• XMPP - extensible messaging and presence
protocol

Overview of OT
Hardware and software
systems used to monitor and
control physical processes
Found in industries like
manufacturing, power
generation, oil and gas, etc.
Includes components like
sensors, SCADA, DCS, PLCs,
HMIs, actuators
Focuses on reliability, safety,
real-time control vs IT focus
on data/info
OT (Operational Technology): OT specifically refers to the
technology used to monitor and control physical processes,
devices, and infrastructure in industrial operations. It includes
systems like SCADA (Supervisory Control and Data Acquisition),
PLCs (Programmable Logic Controllers), and other control
systems.

OT Components
• Sensors measure processes
• PLCs control processes
• SCADA monitors systems
• DCS - distributed control system
• HMIs - human-machine
• Actuators - mechanical devices
SCADA, which stands for Supervisory Control and
Data Acquisition, is a system of hardware and
software elements used to control and monitor
industrial processes, infrastructure, and facilities.

Overview of
XIoT

XIoT
Cybersecurity
Challenges
• Legacy devices
vulnerable
• Lack of visibility
• Increasing threats

XIoT
Cybersecurity
Best Practices
• Asset inventory
• Access control
• Encryption
• Security frameworks
(e.g. NIST, CIS, ISO, etc.)

Group Activity – Assessment 3 / PART 2
• Groups are supposed to discuss the following topics and prepare a short
presentation.
• What is IoT?
• How IoT is applied in the Industry assigned to your group.
• Group A: Smart Home
• Group B: Healthcare
• Group C: Retail
• Group D: Agriculture
• Group E: Transportation
• What Cybersecurity concerns does IoT raise in that industry?

XIoT Security Standards/Frameworks
IEC 62443 - Industrial
automation and control
systems security
NIST SP 800-82 - Guide
to industrial control
systems security
ISO/IEC 27001 -
Information security
management
NIST Cybersecurity
Framework
CIS Critical Security
Controls

XIoT Security
Solutions
• Splunk(https://www.splunk.com)
• Tenable (https://www.tenable.com)
• Armis (https://www.armis.com)
• Claroty (https://claroty.com)

XIoT Governance
• Define roles and
responsibilities
• Policies and procedures
• Risk assessments

XIoT Governance -
Define roles and
responsibilities
• IoT Governance Board: Establish a dedicated
governance board responsible for overseeing and
guiding XIoT initiatives. This board may include
representatives from various departments, such as
IT, security, legal, compliance, and business units.
• Chief IoT Officer (CIoTO): Designate an executive
or leader responsible for coordinating and driving
the organization's XIoT strategy. This role ensures
alignment with business goals and compliance
with regulatory requirements.
• IoT Project Teams: Define roles and
responsibilities for teams involved in
implementing and managing specific IoT projects.
This may include individuals responsible for
device deployment, data management, security,
and maintenance.

XIoT Governance -
Policies and procedures
• Data Governance Policies: Establish clear policies
governing the collection, storage, processing, and sharing
of IoT-generated data. Ensure compliance with data
protection regulations and industry standards.
• Security Policies: Develop comprehensive security
policies that address the unique challenges of IoT devices,
including authentication, encryption, and secure device
lifecycle management.
• Privacy Policies: Define policies that protect the privacy
of individuals whose data is collected by IoT devices. This
includes obtaining consent, anonymizing data when
necessary, and providing transparency about data usage.
• Device Lifecycle Management: Implement procedures
for the entire lifecycle of IoT devices, from procurement
and deployment to maintenance, updates, and eventual
decommissioning.

XIoT Governance - Risk
assessments
• Security Risk Assessment: Conduct regular assessments
to identify and mitigate security risks associated with XIoT
deployments. This includes evaluating vulnerabilities in
devices, networks, and communication protocols.
• Compliance Risk Assessment: Assess the organization's
compliance with relevant laws, regulations, and industry
standards governing IoT implementations, such as data
protection and cybersecurity regulations.
• Operational Risk Assessment: Evaluate the operational
risks associated with XIoT, including potential disruptions
to business processes, system failures, and the impact on
customer experiences.
• Supply Chain Risk Assessment: Assess and manage risks
related to the IoT device supply chain, ensuring the
integrity and security of devices from production to
deployment.

XIoT Governance -
Enforcement
Monitoring and Enforcement:
• Continuous Monitoring: Implement mechanisms for
continuous monitoring of IoT devices and the associated
infrastructure to detect anomalies, security breaches, or
performance issues.
• Enforcement Mechanisms: Define processes for enforcing
policies and procedures, including consequences for non-
compliance. This may involve using technology solutions,
conducting audits, and providing ongoing training to
personnel.
Regular Audits and Reviews:
• Regular Audits: Conduct periodic audits of XIoT
implementations to ensure alignment with governance
policies, regulatory requirements, and best practices.
• Performance Reviews: Assess the performance of XIoT
initiatives against defined objectives, making adjustments
as needed to improve efficiency, security, and compliance.

Securing IoT
Devices
• Change default
credentials
• Encrypt
traffic/data
• Patch and update
devices

Securing OT
Environments
• Test patches and changes
• Deploy OT security tools
• Monitor behaviour

Medical Device Security
Inventory assets Work with
manufacturers
Segment networks

XIoT – Final Thoughts
IoT, OT, and XIoT enable
automation and data exchange
between cyber-physical systems
and internet-connected devices
Presents new security
challenges with diverse,
interconnected assets and
environments
Holistic approach required
combining IT and OT security
tools, policies, and procedures
Asset management, network
segmentation, monitoring, and
encryption key for risk
reduction

Hacking IoT
devices with
Python

Common IoT
Cyber
Attacks
Explained

Botnets
• A botnet comprises specific internet-connected computers
• Each computer infected by specialized malware
• Malware enables remote attacker to control individual computer
• All computers collectively managed by attacker through designated
server
• Server used to issue commands to all malware-infected computers

Overview

Botnets usually have the structure of a centralized network
Which means – each Bot is controlled by the server
This server is also called a C&C Server
Add a footer
The Structure of Botnets

The C&C Server
C&C server is for Command & Control
Attacker stores commands for botnet on server
Bots pull commands from server
Bots return operation results to server
Add a footer

How Bots Are Made
• A computer can be infected by
visiting a malicious website
• An Infected mails, or software's
are also an option which
cybercriminals use to infect
computers and turns them into
bots
Add a footer

How Bots Are Made
Once a computer is infected, it tries to connect to the C&C Server
If successful, the malware generate a Unique ID for this computer and send it along with
other valuable info (locations, usernames, password hashes, etc.) to the C&C Server
Add a footer

Bot Routine
Bot routine initiated based on attacker's configuration
 Bot connects to C&C at set intervals, such as once a day, to fetch
commands
 Bot carries out fetched commands
 Results of executed commands sent back to C&C
Add a footer

What Kind of Commands can the
Bots Execute ?
There 2 types of commands usually executed by the
bots:
Local commands – which usually will retrieve
information from the Bot’s computer
Remote commands – which usually will used to
attack other computers using the Bot
Add a footer

Local Commands –
Screenshots
Download files
Execute Files
View webcam
Obtain credentials
Add a footer
What Kind of Commands the Bots
Can Execute ?

What Kind of Commands the
Bots Can Execute ?
Remote Commands –
DoS attack
Try to infect a remote computer
Send a malicious email
Add a footer

DoS & DDoS
 DoS – Denial Of Service – is an attack which aims to make a service
unavailable to legitimate users for example preventing YouTube from
being able to serve users.
 DDoS – Distributed Denial Of Service – is the same attack but its
executing from a number of computers for example Bots
Add a footer

DoS & DDoS – How it Works ?
The attack preformed by sending many request as possible to a
server until it crashes (from running out of compute or storage
capacity)
Modern servers are too resilient to be crashed by a single
computer
DDoS – Attackers now uses Botnets in order to perform a
successful DoS attack
Add a footer

DoS & DDoS
 And this is how it looks like:
Add a footer
https://norse-
corp.com/map/

How Attackers Construct a
New Botnet Network ?
• An Exploit Kit
• Scanning
• Buying an existing botnet network
Add a footer

Exploit Kit
• An Exploit Kit is a special kit designed and built in
order to execute an authorized code on a remote
computer
• It can be bought(for example on the dark net) or
be devolved by an attacker
• If an Exploit Kit offers a unique ability to infect
remote computers it can become a really
expensive business
Add a footer

Scanning
• An attacker can
scan the internet
for unpatched
computers
Add a footer

Buying an Existing
Botnet Network
• Cybercriminals offer pre-
constructed networks online
• Activity ongoing for extended
period on Dark Net
• Botnet network cost
influenced by geographical
location of compromised
computers
• Computers in United States
often command highest prices
Add a footer

What is
botnet and
how does it
spread?

Break
Questions?
Drop a message on the chat or
send an email to
junior.williams@torontosom.ca

Class 7- XIoT and Botnets.pptx

Recommended

Recommended

More Related Content

Similar to Class 7- XIoT and Botnets.pptx

Similar to Class 7- XIoT and Botnets.pptx (20)

More from Madhusha15

More from Madhusha15 (7)

Recently uploaded

Recently uploaded (20)

Class 7- XIoT and Botnets.pptx

Editor's Notes