Daily Threat Brief

BCMUPnP_Hunter IoT Botnet infects 100k routers worldwide, sends spam
The malware exploits a vulnerability in the UPnP-enabled devices

https://www.2-spyware.com/bcmupnp_hunter-iot-botnet-infects-100k-routers-worldwide-sends-spam

Security experts from Netlab 360 reported[1] on Wednesday that a sophisticated botnet has been detected. They logged up to 100,000 scan sources targeting TCP port 5431 and UDP port 1900. The malware, dubbed BCMUPnP_Hunter, abuses a five-year-old vulnerability in Broadcom's UPnP[2] (Universal Plug and Play) implementation to spread.

The flaw was discovered in 2013 by DefenseCode researchers[3] and is well known in the cybersecurity world. The affected UPnP SDK was used in millions of routers manufactured by different vendors all across the globe. The brands include Linksys, D-Link, TP-Link, ZTE and NetComm; Netlab 360 experts listed 116 affected models.

The botnet uses a self-built proxy network[4] that actively communicates with the most popular email providers like Outlook, Yahoo!, Hotmail, and many others. Researchers speculate that the connections are used to send out spam.

The infected devices are spread all over the world, but the most affected countries are India (147.7k), the USA (22.3k) and China (19.2k), measured in unique IP addresses. Netlab 360 experts also reported that the number of infections might reach 400,000 in the near future.

Berg Insight says 274 million smart meters in Europe must be made secure by design

https://iotbusinessnews.com/2018/11/09/70114-berg-insight-says-274-million-smart-meters-in-europe-must-be-made-secure-by-design/

According to a new report from the IoT analyst firm Berg Insight, the installed base of smart electricity and gas meters in Europe will grow by 22 percent in 2018 to reach 151.9 million.
By 2023, the installed base is forecast to increase by 80 percent to reach 273.7 million. Growth will be driven by nationwide rollouts of smart electricity and gas meters in France, Italy, the UK and several other countries. As a result, energy networks are quietly becoming massive IoT networks made up of connected smart meters and other smart grid devices. Like any data network, the smart grid is vulnerable to attacks. Berg Insight recognises a growing awareness among industry players and governments that smart grid security should be considered a top national interest.

Threat Actors Exploiting Red Team Tool JexBoss

https://www.infosecurity-magazine.com/news/threat-actors-exploiting-red-team/

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Department of Homeland Security (DHS), has issued a US-CERT alert for the JBoss Verify and EXploitation (JexBoss) tool, an open-source tool often used by red teams.

According to the alert, malicious actors are using JexBoss to test and exploit vulnerabilities not only in the JBoss Application Server (JBoss AS) but also in a variety of Java applications and platforms.

Written in the Python programming language, JexBoss is also used in threat hunting; it automates all the phases of a cyber-attack, making it a powerful tool when used by threat actors. Attackers have reportedly used JexBoss in the SamSam ransomware campaign that targeted the healthcare industry.

Able to run from most standard operating systems, JexBoss allows an attacker to execute arbitrary OS commands on the target host, the CERT said. Through either installing a webshell, blindly injecting commands, or establishing a reverse shell, the attacker is able to submit OS commands.

In an exploit attempt, researchers were successful in the delivery, exploitation, installation, command-and-control and action-on-objectives phases, and NCCIC determined that JexBoss operates at all seven phases of the Cyber Kill Chain framework.
