Taking Control: Design and Implementation of Botnets for Cyber-Physical Attacks with CPSBot
This addresses the threat of coordinated attacks on critical infrastructure like water systems, representing a novel application rather than an incremental improvement in traditional botnet design.
The authors tackled the problem of botnets lacking capabilities for cyber-physical system (CPS) attacks by developing CPSBot, a framework to build cyber-physical botnets, and demonstrated through attacks on real and simulated water distribution systems that malicious control with negligible latency is achievable.
Recently, botnets such as Mirai and Persirai targeted IoT devices on a large scale. We consider attacks by botnets on cyber-physical systems (CPS), which require advanced capabilities such as controlling the physical processes in real-time. Traditional botnets are not suitable for this goal mainly because they lack process control capabilities, are not optimized for low latency communication, and bots generally do not leverage local resources. We argue that such attacks would require cyber-physical botnets. A cyber-physical botnet needs coordinated and heterogeneous bots, capable of performing adversarial control strategies while subject to the constraints of the target CPS. In this work, we present CPSBot, a framework to build cyber-physical botnets. We present an example of a centralized CPSBot targeting a centrally controlled system and a decentralized CPSBot targeting a system distributed control. We implemented the former CPSBot using MQTT for the C&C channel and Modbus/TCP as the target network protocol and we used it to launch several attacks on real and simulated Water Distribution. We evaluate our implementation with distributed reply and distributed impersonation attacks on a CPS, and show that malicious control with negligible latency is possible.