Botconf Author Listing

Hideyuki Furukawa


Last known affiliation: National Institute of Information and Communications Technology
Bio: FURUKAWA Hideyuki is a malware analyst with 18 years of experience in binary code analysis for microcontrollers at a leading semiconductor company. His expertise spans reverse engineering and embedded systems software.
TLP:GREEN
Date: 
Unveiling the DVR Ecosystem: A 3-Year Investigation into Global IoT Bot Recruitment Campaigns
Masaki Kubo 🗣 | Yuki Umemura 🗣 | Yoshiki Mori | Hideyuki Furukawa | Kanta Okugawa

Abstract

Since December 2021, we have been investigating DVRs that have been exploited as DDoS launchpads, impacting ISP networks. Our initial discovery came from external information provided by an ISP, revealing that infected devices do not propagate scans like Mirai. As a result, infections spread covertly and remain undetected.

The attackers identify target devices through research using passive scan data such as Shodan/Censys, as well as internet scanning. After identifying the targets, they launch attacks exclusively against these specific devices. This focused targeting makes it impossible to observe the campaign through general honeypots: to observe the actual attacks, a honeypot must return the actual response, and unless the actual target is known, that response is difficult to emulate. Using information from external sources, we have identified the targeted devices/brands, purchased them, and initiated direct analysis. Over the past three years, each time a new device was identified as a target, we acquired the physical hardware for analysis. This approach allowed us to investigate the ecosystem of the IoT bot:

  • the global distribution of targeted devices
  • Chinese, Korean, and Taiwanese OEM vendors and their rebranded ODM products
  • the zero-day vulnerabilities exploited by attackers
  • attack tools (obtained from confiscated attack infrastructure)
  • and malware characteristics.

In this presentation, we will share the findings and insights gained from our three-year investigation and analysis.
