Black Hat 2020: Team from the Georgia Institute of Technology presents research on IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets

At the virtual Black Hat cybersecurity conference, a team from the Georgia Institute of Technology presented their research on "IoT Skimmer: Energy Market Manipulation through High-Wattage IoT Botnets".

One of the leaders in industrial and critical infrastructure security is Nozomi Networks. Technology Evangelist Chris Grove of Nozomi Networks commented on the findings:

“We’ve been tracking this attack vector for some time. Industrialized hacking is profit-driven, and relies on the cheapest, easiest, lowest risk methods to commit crimes. Manipulating the energy markets by consuming power is cumbersome, high risk, and requires different specialties working together to commit a crime.

The skillsets required to successfully pull off an attack on the energy markets would require several different roles working in conjunction. Since this specific type of botnet isn’t available for hire, a criminal enterprise would need a hacker highly skilled in IoT botnet operations. Next, an energy / energy market analyst that would understand how to best impact the power grid. Additionally, someone would need to know how to secretly and securely invest in regulated energy markets, and move that money out afterwards. In order to pull off a heist of this nature, the criminal enterprise would have committed crimes falling under several investigative bodies in the US, including the FBI, DHS, the Secret Service, and more.

The scope of the crime goes beyond typical ransomware crime, as any attack on the U.S. power grid is sure to gain the attention of the national security apparatus, who, in the interest of ensuring a nation-state isn’t involved, will assist the other agencies in tracking down the perpetrators. I think the common criminals will see the price as too steep, and continue using the existing low-cost methods available to them. The groups committing this type of crime will stand out and garner more attention than normal, making it easier for the good guys to combat it.

The rapid deployment of IoT devices globally will provide creative adversaries with new avenues to utilize and monetize their access to vulnerable IoT devices. While amassing a high-wattage botnet in a specific region in order to affect energy markets is currently not trivial, the research presents a compelling scenario of what the future might hold. The peculiarities of IoT devices are such that running a safe network can become a cumbersome task. To mitigate this kind of threat there are well-known solutions that are relatively simple to implement, such as proper network segmentation or carefully limiting the exposure of services to the most essential.

A more strategic, but at the same time more complicated, solution would be instead to properly evaluate the software/hardware supply chain behind an IoT device. It does require a heavier investment upfront, but pays off in the long run, in particular if we consider the lifespan of an IoT device used in an industrial context.”