Say Hello to Shodan

For those who don’t know Shodan, imagine a super radar that scans devices connected to the Internet and collects all kinds of information about the devices it discovers. Shodan scans the Internet to find accessible IP addresses and open ports (protocols by which the device is accessible). Shodan can also provide a list of devices filtered by region, country, or family of device (servers, cameras, routers, HVAC controllers, water system controllers, etc.).

This kind of information may be used (and is used) by hackers to find targets and set up cyberattacks. What makes it worse is that all these IoT and IIoT devices have in common a very low resilience to cyberattacks.

Basically, any hacker willing to organize a DDoS attack literally needs to buy thousands of IP addresses of vulnerable devices and install a small script on each device to orchestrate a mega attack on targeted corporate servers, as with the Mirai botnet.

They can also simply install ransomware and shut down a city's entire video surveillance network until the city agrees to pay the ransom, as in the cyber-attack on Washington DC that took down the public CCTV network just a few days before the presidential inauguration of Donald Trump.

Things may get worse when it comes to critical infrastructure systems. For instance, attacks launched on the control systems of wastewater treatment plants may be catastrophic and may deprive an entire region of drinkable water.

Individual pirates and criminal organizations benefit today from a large range of very powerful weapons like Shodan. Indeed, Shodan is only one of the numerous tools available, not to mention the powerful arsenal one can find on the dark web.

In the era of COVID-19, the need for remote access has become even more important. Security managers and officers need a long-term strategy to answer this kind of threat: of course, in this case, the simplest way to be protected from such engines is to remain invisible. So the real challenge is how to expose devices while remaining undetectable to unauthorized people. Today, there are products like ThinGuard, developed by EasySec Solutions, that hide devices and prevent their discovery by scanner engines like Shodan.

NB: You may be surprised to find some of your devices listed in Shodan. In this case, as an immediate action, you can remove your devices from Shodan by following the explanations in this article.

Richard Adler

Growing technology businesses through Business Development & Consultancy. Working with clients and customers nationally and globally.

4y

Good article on IoT and a lack of cyber security in place, David, thanks.

Daniel Ehrenreich

Thought Leadership Practitioner, Consultant, Lecturer, International Keynote Speaker

4y

Indeed a sad story, especially because it happened in the best protected country. The conclusion for ICS-OT-IIoT operators is very simple. 1) Consistently train your teams on cyber risks and defenses 2) Refrain from allowing remote connection 3) Perform periodic assessment and visibility analysis 4) Deploy technologies to strengthen the defense.
