Tag Archive for: IoT

How to keep your IoT devices secure


Investment in the Internet of Things (IoT) is booming. By 2027 it’s predicted that there will be around 30 billion IoT devices globally, double the number from 2022. IoT isn’t new but its growing popularity is down to companies being able to automate processes and reduce labor costs during a time when operational spend is at its greatest.

All great stuff, but on the flip side, the more interconnected your environment, the greater the attack surface for cyber gangs to compromise. Each connected IoT device offers possible entry points for hackers and malicious threat actors, through misconfigurations and other unpatched errors. Just last month Microsoft uncovered instances of cryptojacking through affected Linux-based IoT devices, an online threat that embeds itself within a device and uses its resources to mine cryptocurrency, also known as cryptomining.


The Mirai Botnet IZ1H9 expands its arsenal. 13 new exploits for IoT devices have been integrated

RHC Editorial Staff, 12 October 2023 08:28

The botnet, which researchers track under the identifier IZ1H9, has recently acquired thirteen new exploits for attacking Linux routers as well as devices from D-Link, Zyxel, TP-Link, TOTOLINK and other manufacturers.

This Mirai variant was first discovered in August 2018 and is one of the most active: it exploits unpatched vulnerabilities in IoT devices to infect them and use them to launch DDoS attacks.

According to Fortinet experts, IZ1H9 attacks peaked in the first week of September, when the number of attempts to compromise vulnerable devices reached the tens of thousands.

The researchers report that in total the IZ1H9 botnet uses more than 30 exploits in its attacks, for the following vulnerabilities dating back to 2013-2015:

  • D-Link: CVE-2015-1187, CVE-2016-20017, CVE-2020-25506, CVE-2021-45382;
  • Netis WF2419: CVE-2019-19356;
  • Sunhillo SureLine (versions up to 8.7.0.1.1): CVE-2021-36380;
  • Geutebruck: CVE-2021-33544, CVE-2021-33548, CVE-2021-33549, CVE-2021-33550, CVE-2021-33551, CVE-2021-33552, CVE-2021-33553, CVE-2021-33554;
  • Yealink Device Management (DM) 3.6.0.20: CVE-2021-27561, CVE-2021-27562;
  • Zyxel EMG3525/VMG1312 (before version 5.50): no CVE, but there is a vulnerability in the /bin/zhttpd/ component of Zyxel devices;
  • TP-Link Archer AX21 (AX1800): CVE-2023-1389;
  • Korenix JetWave wireless access points: CVE-2023-23295;
  • TOTOLINK routers: CVE-2022-40475, CVE-2022-25080, CVE-2022-25079, CVE-2022-25081, CVE-2022-25082, CVE-2022-25078, CVE-2022-25084, CVE-2022-25077, CVE-2022-25076, CVE-2022-38511, CVE-2022-25075, CVE-2022-25083;
  • Prolink PRC2402M router: unspecified CVE related to /cgi-bin/login.cgi (the payload associated with it does not work).

Once one of the listed vulnerabilities has been exploited, the IZ1H9 payload is delivered to the device; it contains a command to fetch the shell script loader l.sh from a specific URL. Once executed, this script removes logs to hide malicious activity and then retrieves…


Researchers uncover thriving market for malware targeting IoT devices


A thriving underground economy on the dark web offering exploits for zero-day vulnerabilities in IoT devices as well as IoT malware bundled with infrastructure and supporting utilities was uncovered by Kaspersky researchers.

The most notable service, in high demand amongst hackers, was found to be Distributed Denial of Service (DDoS) attacks orchestrated through IoT botnets.

Internet of Things or IoT devices are non-standard computing hardware used to extend internet connectivity beyond traditional internet devices. IoT devices include sensors, actuators, or appliances capable of connecting to the internet. These devices can be remotely monitored or controlled and are used in both industrial as well as end-consumer products including mobile devices, industrial equipment, and medical devices.

While the primary method of infecting IoT devices was found to be brute-forcing weak passwords, which has been the preferred method for some time, exploiting vulnerabilities in network services was also found to be a popular method of compromising the security of IoT devices.


IoT devices were also found to be exposed through vulnerabilities in the services they use. These attacks often involve executing malicious commands by exploiting vulnerabilities in IoT web interfaces, with significant consequences such as the spread of malware.

The research also revealed that the cost of these services varies depending on factors like DDoS protection, CAPTCHA, and JavaScript verification on the victim’s side, ranging from $20 per day to $10,000 per month.

“On average, the ads offered these services at $63.5 per day or $1350 per month,” Kaspersky said in a release.

“Kaspersky urges vendors to prioritize cybersecurity in both consumer and industrial IoT devices. We believe that they must make changing default passwords on IoT devices mandatory and consistently release patches to fix vulnerabilities,” Yaroslav Shmelev, a security expert at Kaspersky said.



Kaspersky Reveals Alarming IoT Threats and Dark Web DDoS Boom


The cybersecurity researchers at Kaspersky have unveiled alarming statistics about the expanding cybercrime economy on the dark web.

Key Findings:

  1. DDoS Demand Soars: Kaspersky’s analysts discovered over 700 dark web ads for DDoS attack services in H1 2023, highlighting the escalating demand among hackers.
  2. Cost of DDoS Services: Rates for DDoS attack services on the dark web ranged from $20 per day to $10,000 per month, with an average cost of $63.50 per day or $1,350 per month.
  3. IoT Malware Evolution: Fierce competition among cybercriminals has driven the development of IoT malware, with features designed to thwart rival malware, including firewall rules and process terminations.
  4. Brute-Force Attacks Prevalent: Brute-forcing weak passwords remains the primary method for compromising IoT devices, with 97.91% of attacks focusing on Telnet, compared to 2.09% on SSH.
  5. Global Attack Landscape: While China, India, and the United States were the primary targets of IoT attacks, China, Pakistan, and Russia emerged as the most active attackers, highlighting the global reach of cyber threats.

The Internet of Things (IoT) landscape is under siege, with a growing underground economy centered around IoT-related services, particularly for Distributed Denial of Service (DDoS) attacks, according to a recent report by cybersecurity firm Kaspersky.

The study delves into the evolving threats targeting the IoT sector, shedding light on the modus operandi of cybercriminals and the alarming prevalence of malware types.

IoT devices are poised to surpass a staggering 29 billion by 2030, making them an attractive target for cybercriminals. Kaspersky’s research presents crucial insights into dark web activities, prevalent malware strains, and the tactics employed by hackers.

While DDoS protection and mitigation services are utilizing all available resources to secure their clients’ infrastructure, DDoS attacks orchestrated through IoT botnets are experiencing a surge in demand within the cybercriminal community. Kaspersky’s Digital Footprint Intelligence service analysts unearthed over 700 ads for DDoS attack services on various dark web forums in the first half of…
