The role of this case study is to explain how it's feasible to exploit some business assets using the IoT search engines and some hacking tools.
In this chapter, we would apply the Censys searching tool for crawling the web in a quite wide context, so the users of this book should simply follow the given instructions.
It's quite clear that such an asset could get included into a critical infrastructure for a reason - in case of its collapse many people would stay without many things meaning a lot to them.
We could try to deal with some trading organizations, but to be honest - we would get no information about their vitally significant web servers using the Censys as our searching tool.
Next - in a Figure 1 - we would show a typical business illustration being accessible through the web.
The first thing we would do in this case would be searching the web using a standard Google crawler.
Through our research - we would think deeply about the differences between the Google and Censys crawlers and we would come to a conclusion that Google would offer us the web content being visible to a browser, while Censys would go deeper and offer us infrastructure that would include the web servers, devices being connected to the internet and much more.
On the other hand, the Google got suitable for quite surface searches offering as the results which got some sort of the web interface such as websites, webpages and web presentations.
The Censys is so serious product giving us the IP addresses of devices being the part of the web.
Sometimes it's possible to get some webpage as a result of the Censys search, but in that case - you should get aware that such a result must be correlated with some of the IoT assets.
As it's illustrated in a Figure 2 - we would get the web link to a PTT Service.
The fact is that in such a case - we would get the IP addresses of some PTT Net's web servers.
As it's shown through the Figure 4 - we would select some of the results leading us to some of the PTT Net's web servers.
It's quite obvious that this detailed representation would provide us more information what such web server is about.
We would get more details about its physical location as well as web server's administration.
Let us remind you - that would happen when we tried to explain how it's easy to hack those thousand web assets being available through the Shodan's crawler.
Many web resources would offer a quite convenient explanation how hacking of any IT infrastructure works in practice.
We would warmly advise all people spending a lot of time on the web on a daily basis to try to think hard and figure out how these emerging technologies could get applied in protecting our assets and preventing any sort of a cybercrime.
The main thing that we would notice through this research is that it's quite easy to threaten all - mechatronics and embedded systems as well as business assets.
Through these case studies - we would see how it works in practice and how vulnerable our IT assets are.
This Cyber News was published on www.cyberdefensemagazine.com. Publication date: Thu, 28 Dec 2023 06:13:05 +0000