Internet of Insecure Things

Uploaded on 2016-10-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Internet of insecure things just keeps getting murkier and more problematic. Researchers have determined that hackers are abusing a 12-year-old vulnerability in OpenSSH to attack the ‘Internet of un-patchable things’.

Since anyone can now download the Mirai source code – it’s is even on GitHub – then players across the field, both botnet dabblers and researchers, are playing around with the malware that hijacks IoT devices and is responsible for the largest DDoS attack on record.

In fact, researchers at Incapusla are already reporting new attacks that seem to be “experimental first steps of new Mirai users who were testing the water after the malware became widely available. Likely, these are signs of things to come and we expect to deal with Mirai-powered attacks in the near future.”

Is the sky really falling? Well, if the underground market treats Mirai malware like it has other malicious source code which has been leaked, then welcome to an IoT DDoSing nightmare. Researchers at F5 said to expect thugs “to adapt, combine, and improve the code, resulting in newer and enhanced variants.” F5 warned, “We can definitely expect the IoT DDoSing trend to rise massively in the global threat landscape.”

IoT devices being used in mass-scale SSHowDowN Proxy attacks

Add to that an OpenSSH vulnerability which has been around for 12 years and the fact that attackers are exploiting the flaw to create huge amounts of traffic for SSHowDowN Proxy attacks launched against e-commerce and other sites.

Researchers at Akamai Technologies disclosed that new targeted attacks, which use a very old flaw, are originating from IoT devices such as: DVR, NVR and CCTV video surveillance devices, satellite antenna equipment, networking devices such as routers, hotspots, WiMax, cable and ADSL modems, and Network Attached Storage (NAS) devices connected to the internet. Other devices hooked online may also be susceptible.

The IoT devices are being used to mount attacks “against a multitude of internet targets and internet-facing services, such as HTTP, SMTP and network scanning,” as well as to mount attacks against internal networks that host the devices.

In many cases, there are default login settings such as “admin” and “admin” or other lax credentials to get to the web management console. Once attackers access the web admin console, they can compromise the device’s data and sometimes even take complete control of the machine.

The attack itself is not new, but Akamai Technologies has seen a surge in SSHowDowN Proxy attacks in which IoT devices are being “actively exploited in mass scale attack campaigns.”

A new report on exploiting IoT and SSHowDowN  explains that the root causes for the vulnerability include weak factory-default administration credentials, the fact that the devices allow remote SSH connections and the devices allow TCP forwarding.

Default passwords

Default passwords have long plagued the security industry and put users at great risk. Since the Mirai source code was made public, many sites have published the 61 passwords powering the Mirai botnet which is capable of hijacking over 500,000 vulnerable IoT devices.

Double that number by adding in devices with shoddy-to-no-security which are made by the Chinese firm XiongMai Technologies. Flashpoint researchers said there are over 500,000 devices on public IPs that are vulnerable to the username and password combination “root” and “xc3511.”

130,000 vulnerable Avtech systems

Search Lab’s Gergely Eberhardt found 14 vulnerabilities in Avtech devices like DVRs and IP cameras; there are 130,000 Avtech devices exposed on the internet and “Avtech is the second most popular search term in Shodan.”

Eberhardt found the vulnerabilities and first attempted to contact the company back in September 2015. After more than a year and zero response from Avtech, Eberhardt published an advisory and proof-of-concept scripts for the flaws.

If you don’t want your Avtech device to end up as part of an IoT botnet, then owners should change the default admin password and go the extra safe mile of never exposing “the web interface of any Avtech device to the internet.”

You should always change the default passwords to anything, but some manufacturers didn’t have enough concern for users to build in that option.

Internet of un-patchable things

“We're entering a very interesting time when it comes to DDoS and other web attacks; 'The Internet of Un-patchable Things' so to speak,” explained Ory Segal, senior director of Threat Research at Akamai. “New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We've been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality.”

Computerworld:        Internet of Things will drive the Digital Revolution of Industry:

 

« Smartphone “Video Jacking” From Power Sockets
DDoS: Deceptive Denial Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

RiskLens

RiskLens

RiskLens is a software company that specializes in the quantification of cybersecurity risk.

Skkynet Cloud Systems

Skkynet Cloud Systems

Skkynet is a leader in real-time data systems for the secure management and control of industrial processes (SCADA) and embedded devices (M2M).

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

File Centre

File Centre

File Centre is a leading specialist when it comes to data backup, we offer our clients a premium backup retrieval and delivery solution.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Acreto

Acreto

Acreto is an end-to-end security infrastructure that protects all your technologies with a single, simple cloud service.

HighPoint

HighPoint

HighPoint is a leading technology infrastructure solutions provider offering consultancy, solutions and managed services for network infrastructure and cybersecurity.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

Gradient Cyber

Gradient Cyber

Gradient Cyber is a trusted cybersecurity partner specializing in small businesses and mid-market enterprises concerned about cybersecurity but lacking the staff to give it the attention it deserves.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

Evolver

Evolver

Evolver delivers technology services and solutions that improve security, promote innovation, and maximize operational efficiency in support of government and commercial customers.

Red Helix

Red Helix

Red Helix (formerly Phoenix Datacom) is a market leader in network performance and cyber security.