More than three dozen cybercrime and digital forensics experts from 23 countries have investigated a simulated attack on a bank that had been carried out through an IoT device.
Cybercrime investigators from across the world joined a training exercise recently that had them dealing with a simulated attack launched through an Internet-of-Things (IoT) device.
A total of 43 investigators and experts in digital forensics from 23 countries investigated the would-be attack on a bank. The exercise, called the ‘INTERPOL Digital Security Challenge’, was organized by INTERPOL in Vienna, Austria, and took place over three days in February.
The organization noted that police forces worldwide are often unaware of how to collect forensic evidence from devices other than computers and mobiles. This issue is especially relevant considering the significant cybersecurity risks that the proliferation of vulnerable IoT devices represents.
“Cybercrime investigations are becoming more and more complex and operational exercises such as the Digital Security Challenge, which simulate some of the hurdles that investigators face every day, are vital for the development of our capacities,” Peter Goldgruber, Secretary General of the Austrian Ministry of the Interior, was quoted as saying.
In INTERPOL’s scenario, adversaries deployed malware in an attempt to siphon off large amounts of money from the bank.
The investigators applied digital forensics to establish when and where on the bank’s computers the malicious code was installed.
“Through this digital forensic examination, the teams discovered the malware was contained in an e-mail attachment sent via a webcam which had been hacked, and not directly from a computer,” said INTERPOL. The organization added that this “emerging modus operandi” is aimed at helping cover up the source of the attack.
The investigators later identified another C&C server, as well as a number of server vulnerabilities that “could be used to prevent further attacks”, said INTERPOL.
In the first incarnation of the event in 2016, they had to come to grips with the challenge of identifying, within 52 hours, a blackmailer who demanded a ransom of 10,000 bitcoin on pain of releasing sensitive corporate information.