| Dispersion: | Internet, Direct Attack |
Several IoT devices have been found to have vulnerabilities that are being actively exploited by a new, larger botnet that appeared in September. The virus uses several vulnerabilities, including direct attacks on the affected IoT devices. Compromised devices can also be used for further attacks within the affected companies.
A new major botnet is spreading incredibly fast all over the world. The botnet exploits vulnerable IoT devices and installs its own software on them, which the attackers can then use. The virus then tries to spread to other devices by itself.
The botnet was detected by Check Point in September, and several command and control servers are already in the network. It is comparable to the earlier Mirai botnet that took out parts of the internet, but it is much more advanced because it uses multiple attack vectors to get into devices. So far it is uncertain what the botnet will be used for, but there are fears of attacks on central infrastructure.
Check Point Software has published the following list of manufacturers with vulnerabilities uncovered so far:
| Manufacturer | Vulnerability |
|---|---|
| GoAhead | Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure |
| | Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution |
| D-Link | D-Link 850L Router Remote Code Execution |
| | D-Link DIR800 Series Router Remote Code Execution |
| | D-Link DIR800 Series Router Information Disclosure |
| | D-Link 850L Router Remote Unauthenticated Information Disclosure |
| | D-Link 850L Router Cookie Overflow Remote Code Execution |
| | Dlink IP Camera Video Stream Authentication Bypass – Ver2 |
| | Dlink IP Camera Luminance Information Disclosure – Ver2 |
| | D-Link DIR-600/300 Router Unauthenticated Remote Command Execution |
| NETGEAR | Netgear DGN Unauthenticated Command Execution |
| | Netgear ReadyNAS Remote Command Execution |
| AVTECH | AVTECH Devices Multiple Vulnerabilities |
| Linksys | Belkin Linksys E1500/E2500 Remote Command Execution |
| Linux | Linux System Files Information Disclosure |
Cyberon Security makes the following recommendations:
- Remove devices that are vulnerable, or patch them to remove the vulnerabilities.
- Segregate IoT devices in their own network behind a firewall.
- Do not allow access to IoT devices directly from the internet.
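One way to check an environment against these recommendations, as an added example that is not part of the original alert: the script flags inventory entries from the listed manufacturers that sit outside the IoT segment or are reachable through an inbound port forward. The inventory, addresses, segment and forward rules are constructed sample data, and a vendor match is only a triage flag, not proof that a specific model is vulnerable.

```python
import ipaddress

# Manufacturer names from the table above (the "Linux" row names no device vendor).
AFFECTED_VENDORS = {"goahead", "d-link", "dlink", "netgear", "avtech", "linksys", "belkin"}
# Assumption: RFC 1918 ranges are the only trusted internal sources.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (hypothetical names and addresses).
IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
INVENTORY = [
    {"name": "lobby-cam", "vendor": "AVTECH", "ip": "10.20.0.15"},
    {"name": "branch-router", "vendor": "D-Link", "ip": "192.168.1.1"},
    {"name": "nas-01", "vendor": "NETGEAR", "ip": "10.20.0.30"},
    {"name": "printer-2", "vendor": "ExampleCorp", "ip": "192.168.1.40"},
]
# Inbound forward rules: (allowed source CIDR, internal destination IP, port)
FORWARDS = [
    ("0.0.0.0/0", "10.20.0.15", 80),        # open to the whole internet
    ("192.168.1.0/24", "10.20.0.30", 443),  # internal management access only
]

def from_internet(src_cidr):
    """True when the allowed source is not contained in an internal range."""
    net = ipaddress.ip_network(src_cidr)
    return not any(net.subnet_of(internal) for internal in INTERNAL)

def audit(inventory, forwards, iot_segment):
    """Map each device from a listed vendor to its segmentation/exposure issues.

    An empty list means only the first recommendation (patch or remove) applies.
    """
    findings = {}
    for dev in inventory:
        if dev["vendor"].lower() not in AFFECTED_VENDORS:
            continue
        addr = ipaddress.ip_address(dev["ip"])
        issues = []
        if addr not in iot_segment:
            issues.append("outside-iot-segment")
        for src, dst, port in forwards:
            if ipaddress.ip_address(dst) == addr and from_internet(src):
                issues.append("internet-forward:%d" % port)
        findings[dev["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(INVENTORY, FORWARDS, IOT_SEGMENT).items():
        print(name, issues or ["patch or remove"])
```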
Please contact us for further assistance on this alert.