Security breach records 134 million attacks against Internet of Things


A vulnerability that has been patched in Realtek chips, but is still widely present in outdated IoT devices, was the target of more than 134 million attacks over a period of just over a year. Criminals behind known botnet families have been attempting to infect devices from at least six manufacturers in more than 30 countries.


The flaw, more specifically, lies in the Realtek Jungle software development kit (SDK). Tracked as CVE-2021-35394 and rated high severity, it allows a device's memory to be corrupted in order to inject arbitrary commands and achieve remote code execution. Realtek released a fix in August 2021, and within a matter of days cybercriminals had begun exploiting the flaw as well.

According to research by Unit 42, the threat intelligence arm of Palo Alto Networks, more than 50 devices from well-known manufacturers such as D-Link, LG, Belkin, Zyxel, Asus and Netgear are vulnerable. The United States accounts for 48.3% of all attacks recorded between August 2021 and December of last year, with Vietnam, Russia, the Netherlands and France as the next most affected countries.

Manufacturer   Affected devices
D-Link         31
LG              8
Belkin          6
Zyxel           6
Asus            4
Netgear         1

Corporate systems, of course, are the main target of the exploitation carried out by the criminal actors behind widely known botnets such as Mirai, Gafgyt and Mozi, among others. According to the researchers, the attacks use three different methods, which may or may not be combined: delivering malware to the devices, executing malicious files directly on them, or resetting servers connected to the devices, all in order to open further entry points into the network.

Denial-of-service incidents were also recorded as part of the wave of attacks, a common use for compromised Internet of Things devices. According to Unit 42, almost half of the IP addresses used in attacks of this type also originate in the US, but VPNs and obfuscation systems may have been used by the attackers to evade blocklists or hide the true source of the attacks.

Updates are not passed to users

The researchers expect intense exploitation of the vulnerability to continue throughout 2023, especially as it gains more and more notoriety. Meanwhile, the problem highlights a weakness in the Internet of Things supply chain, where the various intermediaries between chip vendor and end user end up becoming an obstacle to fixing security problems.

While Realtek released a fix for the flaw as soon as it was detected, the same is not always true of device manufacturers. Between companies that do not pass updates on to their customers and users who do not apply them even when they are available, a valuable exploitation chain is created for cybercriminals, along with a broad entry vector for attacks.

The security recommendation is to immediately apply all available updates for your device, and to adopt protective measures such as using strong passwords on control panels and administration interfaces. In the corporate environment, management and monitoring systems can also be deployed to make it easier to install updates and detect problems. Indicators of Compromise have also been released to help identify affected devices.

Source: Unit 42 (Palo Alto Networks)