DTX Manchester DTX Manchester
  • About Us
Tuesday, 2 March, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Attackers Taking Advantage of the “Internet of Unpatchable Things”

by The Gurus
October 14, 2016
in Editor's News
Share on FacebookShare on Twitter

Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today published new research from the company’s Threat Research team. Akamai researchers Ory Segal and Ezra Caltum have identified a recent spate of attacks whereby attackers are using Internet of Things (IoT) devices to remotely generate attack traffic by using a 12-year old vulnerability in OpenSSH, which we are calling SSHowDowN Proxy. A full report detailing the attacks is available for download here http://akamai.me/2dTsrg8.
Overview
It is important to note that the research and subsequent advisory do not introduce a new type of vulnerability or attack technique, but rather a continued weakness in many default configurations of Internet-connected devices. These devices are now actively being exploited in mass-scale attack campaigns against Akamai customers.
The Threat Research Team has observed SSHowDowN Proxy attacks originating from the following types of devices:

  • CCTV, NVR, DVR devices (video surveillance)
  • Satellite antenna equipment
  • Networking devices (e.g. Routers, Hotspots, WiMax, Cable and ADSL modems, etc.)
  • Internet connected NAS devices (Network Attached Storage)
  • Other devices could be susceptible as well

Compromised devices are being used for:

  • Mounting attacks against a multitude of Internet targets and Internet-facing services, such as HTTP, SMTP and Network Scanning
  • Mounting attacks against internal networks that host these connected devices

Once malicious users access the web administration console, they have been able to compromise the device’s data and, in some cases, fully take over the machine.
“We’re entering a very interesting time when it comes to DDoS and other web attacks; ‘The Internet of Unpatchable Things’ so to speak,” explained Ory Segal, senior director, Threat Research, Akamai. “New devices are being shipped from the factory not only with this vulnerability exposed, but also without any effective way to fix it. We’ve been hearing for years that it was theoretically possible for IoT devices to attack. That, unfortunately, has now become the reality.”
Mitigation
Some recommended approaches to mitigation include:

  • If the device offers access to alter the SSH passwords or keys, change those from the vendor defaults.
  • If the device offers direct file system access:

o   Add “AllowTcpForwarding No” into the global sshd_config file.
o   Add “no-port-forwarding” and “no-X11-forwarding” to the ~/ssh/authorized_ keys file for all users.

  • If neither option above is available, or if SSH access is not required for normal operation, disable SSH entirely via the device’s administration console.

If the device is behind a firewall, consider doing one or more of the following:

  • Disable inbound connections from outside the network to port 22 of any deployed IoT devices
  • Disable outbound connections from IoT devices except to the minimal set of ports and IP addresses required for their operation.

 
Akamai continues to monitor and analyse data related to this ongoing IoT threat. To learn more, please download a complimentary copy of the research white paper at http://akamai.me/2dTsrg8.

0 0 vote
Article Rating
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Anti-Money Laundering regulation tops list of compliance headaches for 60 per cent of banking executives

Next Post

How hackers handle stolen login data

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Dripping tap

Learning from past hacking attacks

March 2, 2021
Twitter Logo

Twitter tightens rules on the spread of misinformation

March 2, 2021
A crowd of Trump supporters

“GabLeaks”: Far-Right platform Gab is hacked, with posts leaked online

March 1, 2021
Coding in a laptop

Go is becoming the language of choice for malware developers

March 1, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept