Internet of Insecure Things

Uploaded on 2016-10-28 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The Internet of insecure things just keeps getting murkier and more problematic. Researchers have determined that hackers are abusing a 12-year-old vulnerability in OpenSSH to attack the ‘Internet of un-patchable things’.

Since anyone can now download the Mirai source code – it’s is even on GitHub – then players across the field, both botnet dabblers and researchers, are playing around with the malware that hijacks IoT devices and is responsible for the largest DDoS attack on record.

In fact, researchers at Incapusla are already reporting new attacks that seem to be “experimental first steps of new Mirai users who were testing the water after the malware became widely available. Likely, these are signs of things to come and we expect to deal with Mirai-powered attacks in the near future.”

Is the sky really falling? Well, if the underground market treats Mirai malware like it has other malicious source code which has been leaked, then welcome to an IoT DDoSing nightmare. Researchers at F5 said to expect thugs “to adapt, combine, and improve the code, resulting in newer and enhanced variants.” F5 warned, “We can definitely expect the IoT DDoSing trend to rise massively in the global threat landscape.”

IoT devices being used in mass-scale SSHowDowN Proxy attacks

Add to that an OpenSSH vulnerability which has been around for 12 years and the fact that attackers are exploiting the flaw to create huge amounts of traffic for SSHowDowN Proxy attacks launched against e-commerce and other sites.

Researchers at Akamai Technologies disclosed that new targeted attacks, which use a very old flaw, are originating from IoT devices such as: DVR, NVR and CCTV video surveillance devices, satellite antenna equipment, networking devices such as routers, hotspots, WiMax, cable and ADSL modems, and Network Attached Storage (NAS) devices connected to the internet. Other devices hooked online may also be susceptible.

The IoT devices are being used to mount attacks “against a multitude of internet targets and internet-facing services, such as HTTP, SMTP and network scanning,” as well as to mount attacks against internal networks that host the devices.

In many cases, there are default login settings such as “admin” and “admin” or other lax credentials to get to the web management console. Once attackers access the web admin console, they can compromise the device’s data and sometimes even take complete control of the machine.

The attack itself is not new, but Akamai Technologies has seen a surge in SSHowDowN Proxy attacks in which IoT devices are being “actively exploited in mass scale attack campaigns.”

A new report on exploiting IoT and SSHowDowN  explains that the root causes for the vulnerability include weak factory-default administration credentials, the fact that the devices allow remote SSH connections and the devices allow TCP forwarding.

Default passwords

Default passwords have long plagued the security industry and put users at great risk. Since the Mirai source code was made public, many sites have published the 61 passwords powering the Mirai botnet which is capable of hijacking over 500,000 vulnerable IoT devices.

Double that number by adding in devices with shoddy-to-no-security which are made by the Chinese firm XiongMai Technologies. Flashpoint researchers said there are over 500,000 devices on public IPs that are vulnerable to the username and password combination “root” and “xc3511.”

130,000 vulnerable Avtech systems

Search Lab’s Gergely Eberhardt found 14 vulnerabilities in Avtech devices like DVRs and IP cameras; there are 130,000 Avtech devices exposed on the internet and “Avtech is the second most popular search term in Shodan.”

Eberhardt found the vulnerabilities and first attempted to contact the company back in September 2015. After more than a year and zero response from Avtech, Eberhardt published an advisory and proof-of-concept scripts for the flaws.

If you don’t want your Avtech device to end up as part of an IoT botnet, then owners should change the default admin password and go the extra safe mile of never exposing “the web interface of any Avtech device to the internet.”

You should always change the default passwords to anything, but some manufacturers didn’t have enough concern for users to build in that option.

Internet of un-patchable things

“We're entering a very interesting time when it comes to DDoS and other web attacks; 'The Internet of Un-patchable Things' so to speak,” explained Ory Segal, senior director of Threat Research at Akamai. “New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We've been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality.”

Computerworld:        Internet of Things will drive the Digital Revolution of Industry:

 

« Smartphone “Video Jacking” From Power Sockets
DDoS: Deceptive Denial Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

InfoSec People

InfoSec People

InfoSec People is a boutique cyber and technology recruitment consultancy, built by genuine experts.

Varonis

Varonis

Varonis provide a security software platform to let organizations track, visualize, analyze and protect their unstructured data.

Dataguise

Dataguise

Dataguise provides a data-centric security solution to detect, protect, and monitor sensitive data in real time across all data repositories, both on premises and in the cloud.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

Callsign

Callsign

Callsign’s mission is to seamlessly power the identification of every web, mobile and physical interaction.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Sponge

Sponge

Sponge is a world-renowned digital learning provider on a mission to make learning unforgettable.

ITRenew

ITRenew

ITRenew is a leading global IT lifecycle management solutions company, specializing in onsite data center decommissioning and data erasure services.

Key Cyber Solutions

Key Cyber Solutions

Key Cyber is an IT consulting firm that specializes in agile software development services, program management and infrastructure services, cyber security and cloud and managed services.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Alcon Maddox

Alcon Maddox

Alcon Maddox is a niche recruitment and executive search firm specialised in sourcing exceptional Cyber Security sales and commercial leadership talent. Serving clients across the Middle East & Europe

Raman Power Technologies

Raman Power Technologies

Raman Power Technologies focus on bringing value and solving business challenges through the delivery of modern IT services and solutions including cybersecurity.