Emotet Gang Uses IoT Devices as “Smokescreen” for Trojans

IoT attacks are definitely not news; hackers have been using always-online gadgets as devices in botnets for a while now. Recently, however, we’ve seen the first use of IoT gadgets as a “smokescreen” for a larger attack to stop law enforcement from tracking the attackers.

How Hackers Hide Their Tracks

It’s common these days for malware to send information back to a command center. Unfortunately for the hackers, if they tell the malware to send the information back home directly, this makes it very easy to shut them down. Law enforcement can look inside the malware’s code, find out where it’s sending the data, then go to that location and close up the operation.

As such, it’s not uncommon for hackers to mask their location by going through several “bounces.” Instead of sending data directly to their home base, they have it sent to a designated safe spot. This then passes it to another safe spot, then another, then another, until it finally reaches home.

For the hackers, these extra bounces are just a minor delay for getting their info; for people tracking their efforts, it can be a nightmarish web that never reveals where the home base is.

How IoT Comes into This

Usually, these bounces happen between servers or other infected computers. IoT, however, provides a lot of additional devices that hackers can take advantage of.

The Emotet gang, who have built a reputation for developing malware for IoT devices, are now using them to hide their main attacks. Due to the sheer number of IoT devices now on the internet, Emotet is using them as stepping stones for their main malware.

The attack works by first infecting a computer. The malware collects data on that computer, then sends the information on to an infected IoT device. These devices then bounce the information among themselves until one of them sends it to the main control server.

At the same time, the Emotet gang can transmit commands from their main server to infected computers via this network of infected IoT devices. This means they can communicate to their network without risk of exposing their home base.

This system makes it very hard for law enforcement to work out where the attacks originate from. It’s also hard to shut down the chain, as it’s being ricocheted around different devices. As soon as one device is taken down, another one enters the network and replaces it.
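Where a router or firewall keeps flow records, the relay behaviour described above leaves a recognisable shape: a device repeatedly receives data from one outside host and passes a similar volume to a different outside host moments later. The following is an added example, not code from the article or from any Emotet analysis; the record format, the device inventory, the LAN range and the thresholds are all assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed home/office LAN range

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, bytes)
FLOWS = [
    (100, "203.0.113.7", "192.168.1.50", 4200),   # inbound to camera
    (101, "192.168.1.50", "198.51.100.9", 4150),  # camera forwards a similar volume
    (300, "203.0.113.8", "192.168.1.50", 900),
    (302, "192.168.1.50", "198.51.100.9", 950),
    (400, "192.168.1.60", "198.51.100.20", 300),  # thermostat: outbound only
    (500, "203.0.113.9", "192.168.1.70", 5000),   # NAS: inbound, nothing forwarded
]
# Assumed inventory of IoT devices on the LAN
IOT_DEVICES = {"192.168.1.50", "192.168.1.60", "192.168.1.70"}


def is_external(ip):
    """True when the address lies outside the assumed LAN range."""
    return ip_address(ip) not in LAN


def find_relay_candidates(flows, iot_devices, window_s=5, tolerance=0.2, min_pairs=2):
    """Flag devices that look like a hop in a relay chain.

    A hit is an inbound flow from an external host followed within
    window_s seconds by an outbound flow to a *different* external host
    whose byte count is within `tolerance` of the inbound one. A device
    is reported only after min_pairs hits, to ignore one-off coincidences.
    Returns {device_ip: [(inbound_peer, outbound_peer, timestamp), ...]}.
    """
    inbound = defaultdict(list)   # device -> [(ts, peer, bytes)]
    hits = defaultdict(list)
    for ts, src, dst, nbytes in sorted(flows):
        if dst in iot_devices and is_external(src):
            inbound[dst].append((ts, src, nbytes))
        elif src in iot_devices and is_external(dst):
            for in_ts, peer, in_bytes in inbound[src]:
                same_size = abs(nbytes - in_bytes) <= tolerance * in_bytes
                if 0 <= ts - in_ts <= window_s and peer != dst and same_size:
                    hits[src].append((peer, dst, ts))
    return {dev: pairs for dev, pairs in hits.items() if len(pairs) >= min_pairs}


if __name__ == "__main__":
    for device, pairs in find_relay_candidates(FLOWS, IOT_DEVICES).items():
        print(device, "relayed", len(pairs), "times:", pairs)
```

A flagged device is a candidate for closer inspection, not proof of infection; devices that legitimately proxy traffic would match the same pattern.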

How to Fix It

If you’re worried about your own devices being part of a botnet, there’s not much you can do to tell if they’re part of one. The best you can do is give each device a restart and upgrade its firmware. This should hopefully clear out any malware lurking on it.

This is one of the main reasons why there have been calls to improve the security of IoT devices. With so many gadgets potentially being a part of a larger botnet without their owner’s knowledge, security needs to be tightened lest we see more of these attacks in the future.

Phone Home

While IoT botnets aren’t news, using them as a smokescreen for a larger attack is. With Emotet’s latest method of attack, we’re seeing a potential future where smart gadgets are used to obfuscate larger attacks.

Does this attack worry you? Let us know below.

One comment

  1. IoT was loosed on the public by greedy manufacturers and is now being exploited by greedy hackers. Anybody with even a tangential knowledge of the PC scene could have predicted this. WiFi hacking has been going on for years and WiFi is essential for IoT. Did the IoT makers and proselytizers think that automagically IoT will be immune to WiFi hacking???!!! Maybe the technology is ready but with respect to security, IoT was and is a long way from being ready for prime time.

    “Does this attack worry you?”
    Yes, they do. Even though I do not own or use any IoT devices, I know that sooner or later I WILL be affected by the IoT lack of security.

    Why is it that every time I see ‘IoT’ I read it as ‘IdioT’?
