VPN-Filter Malware Techniques and Countermeasures in IoT Environment

  • Kim, Seung-Ho (Division of Information Communication, Baek-seok University) ;
  • Lee, Keun-Ho (Division of Information Communication, Baek-seok University)
  • Received : 2018.10.22
  • Accepted : 2018.12.20
  • Published : 2018.12.31

Abstract

Recently, a wide variety of IoT environments are being created due to the rapid development of information and communication technology, and accordingly, across a variety of network structures, countless attack techniques and new types of vulnerabilities are causing social disturbance. In May 2018, Talos Intelligence, Cisco's threat intelligence team, newly discovered 'VPN-Filter', which constitutes a large-scale IoT-based botnet and is infecting consumer routers in over 54 countries around the world. In this paper, the types of IoT-based botnets and the attack techniques that utilize them are examined, and, by examining the characteristics of VPN-Filter's attack vulnerabilities and attack scenarios, a countermeasure based on an EXIF metadata removal method is proposed, since EXIF metadata is what enables the malware's method of connecting to its C&C server.

Recently, with the rapid development of information and communication technology, countless new types of vulnerabilities and attack techniques have emerged and are causing social disturbance. In this paper, we analyze the publicly released samples of 'VPN-Filter', which constitutes a large-scale IoT-based botnet and was newly discovered around May 2018 by Talos Intelligence, Cisco's threat intelligence team, in order to examine how present-day IoT-based botnets are constructed and how they attack. Based on that material, we relate it to VPN-Filter to understand its attack scenarios and the characteristics of its attack vulnerabilities, and we propose a solution using an EXIF metadata removal method that eliminates the cause of the C&C server connection method, which is the core of building a botnet with the VPN-Filter malware, in the hope of contributing to cyber security in the coming era of the fourth industrial revolution.
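The EXIF metadata removal countermeasure, as an added example that is not the paper's own program from Fig. 7: a standard-library Python script that walks a JPEG's marker segments, reports whether the APP1 Exif block carries a GPS IFD pointer (Exif tag 0x8825, GPSInfo), and rewrites the file without any Exif segment while copying the picture data untouched. The sample JPEG bytes are constructed inline and are not a real photograph.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825           # IFD0 entry pointing at the GPS IFD (GPSInfo)

def jpeg_segments(data):
    """Yield (marker, payload) per length-prefixed segment up to SOS, then (None, scan_data)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length
        if marker == 0xDA:     # SOS: no more length-prefixed segments after it
            break
    yield None, data[pos:]

def exif_has_gps(payload):
    """True if an APP1 Exif payload's IFD0 carries a GPSInfo pointer."""
    if not payload.startswith(EXIF_HEADER):
        return False
    tiff = payload[len(EXIF_HEADER):]
    endian = ">" if tiff[:2] == b"MM" else "<"          # TIFF byte order
    ifd0 = struct.unpack(endian + "I", tiff[4:8])[0]
    count = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])[0]
    tags = (struct.unpack(endian + "H", tiff[ifd0 + 2 + 12 * i:][:2])[0] for i in range(count))
    return any(tag == GPS_IFD_TAG for tag in tags)

def has_gps(data):
    """Does any Exif segment of this JPEG carry a GPS IFD?"""
    return any(m == 0xE1 and exif_has_gps(p) for m, p in jpeg_segments(data))

def strip_exif(data):
    """JPEG minus every APP1 Exif segment; every other byte is copied unchanged."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in jpeg_segments(data):
        if marker is None:
            out += payload
        elif not (marker == 0xE1 and payload.startswith(EXIF_HEADER)):
            out += segment(marker, payload)
    return bytes(out)

def segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample (not a real photo): big-endian TIFF with one IFD0 entry, the GPS pointer, to an empty GPS IFD at offset 26.
TIFF_BLOCK = (b"MM\x00\x2a\x00\x00\x00\x08" + b"\x00\x01"
              + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26) + b"\x00\x00\x00\x00" + b"\x00\x00")
SAMPLE_JPEG = (b"\xff\xd8" + segment(0xE1, EXIF_HEADER + TIFF_BLOCK)
               + segment(0xDB, b"\x00" + b"\x10" * 64)             # stand-in quantisation table
               + segment(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\x56\xff\xd9")
```

Running `strip_exif` on a file before it is uploaded removes the GPS IFD together with the rest of the Exif block; `has_gps` gives a quick check of whether a picture still carries location data.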

Keywords

Fig. 1. General structure of direct command and control botnets

Fig. 2. General structure of P2P-based botnets

Fig. 3. Differences between DoS and DDoS

Fig. 4. Blockchain technique schematization

Fig. 5. Schematization by attack stage

Fig. 6. GPS data in picture files

Fig. 7. Example of a simple EXIF metadata removal Python program
