Search This Blog

Showing posts with label IoT. Show all posts

The Future Comes With Promising Edge Technology, Say Experts

 

The huge amount of data continuously collected via billions of sensors and devices that comprise the IoT can pose a serious threat for organizations that depend on primitive intelligence and analytics tools. Since the beginning, these devices have not been much effective and needed central servers to process data, mostly cloud-based servers (public) which could be far away. Currently, however, for the same price, you can get more computing power, making way for AI-powered, and edge located devices that make their own commands. 

As per the experts, by 2025, 75% of organization-generated data would be created and processed by an edge. From driverless cars capable of processing and analyzing real-time traffic data (without cloud), to factory systems that can process sensor data for future maintenance. This rapid development in the age of smart devices at the edge will provide vast opportunities in businesses and for users. The capability to create automated and store data for analysis linked to the source is most likely to give operational advantage, produce new and effective services, enhance scalability and transfer data away from central servers. 

Along with this, the fast edge development requires that security leaders adhere to discipline even though the distribution of data that seems to be on the horizon. It must be important for the user to understand the relation between edge and IoT (Internet of Things), the edge allows computation to run on device/ local network rather than sending data to be analyzed on public cloud servers or central data centers, which is time-consuming and also costs resources. 

After that, the analyzed data can be sent to its endpoint. Hence, edge computing lowers the bandwidth risks and analyses data within proximity. It is very crucial in IoT as there exist billions of sensors and systems across the world that produce processed data, let it be inter-connected home devices, health wearables, or industrial machinery. "Especially for use cases like healthcare monitoring and safety apps – where milliseconds count – edge computing and cheaper, more powerful AI-powered devices are emerging as perfect partners to process the massive amounts of information generated by connected devices," reports HelpNetSecurity.

Hackers Exploit Camera Vulnerabilities To Spy On Parents

 

Various zero day vulnerabilities in home baby monitor could be compromised that lets threat actors hack into camera feed and put malicious codes like malware. The security issues were find in the IoT gadgets, made by China based developer Victure, that were found by BitDefender experts. In a security report, BitDefender revealed about the stack-based buffer flaw present in ONVIF server Victure PC420 component camera that allows hackers to plant remote codes on the victim device. When compromised, hacker can discover cameras (not owned by them) and command devices to broadcast camera feeds to third party and exploit the camera firmware. 

"When choosing a baby monitor, the security aspect should trump features or price point.This is because similar vulnerabilities have been used in the past by threat actors to directly communicate with children, thus exposing them to interactions with adults outside the family’s circle of trust," Daily Swig reports. As of now, Victure isn't aware about the complete attack scenerio, but it believes that the hacker could exploit the vulnerabilities and spy on residents using these cameras constantly or let other users do the same. 

Cloud users rely on using camera and cloud features and according to experts, around 4 million cameras across the world are impacted by the issue. The vulnerability impacts Victure PC420 firmware variants 1.2.2 and earlier. BitDefender released a report on the vulnerabilities after trying to contact Victure to inform them about the issues. BitDefender tried to make various attempts to get in touch with the company to offer them assistance to deal with the issues. The firm then decided to release a report on the issue to let users know about the vulnerabilities, as their privacy is on stake when their devices are connected. 

Experts advice users to stop using devices immediately and residents should give security priority rather than device." We have been warning about the dangers of vulnerable video equipment for years and we started this vulnerability research project to help parents protect their privacy, as well as their children’s. Sometimes, vendors choose to ignore these gaping holes and leave customers exposed instead" said the researcher to Daily Swig.

Vulnerabilties Found in Realtek Module

A new type of severe rated vulnerabilities has been revealed in the Realtek RTL8170C Wi-Fi module. A hacker could exploit these vulnerabilities to gain access to a device and attack wireless communications. According to experts Vdoo, an Israeli tech IoT firm, if an exploit is successful, it would result in control of complete WiFi module possible root access in the Linux or Android OS, of the embedded devices using this module. 

Hacker News reports "Realtek RTL8710C Wi-Fi SoC underpins Ameba, an Arduino-compatible programmable platform equipped with peripheral interfaces for building a variety of IoT applications by devices spanning across agriculture, automotive, energy, healthcare, industrial, security, and smart home sectors." These vulnerabilities impact all IoT and embedded devices that use the module for connecting to Wi-Fi networks and the hacker would have to be on the same Wi-Fi network. It is because the firmware knows the network's pre-shared key (PSK) or uses the RTL8710C module. 

PSK, as the name suggests, is a cryptographic code that is used to verify wireless devices on LANs. "In the same vein, the RTL8170C Wi-Fi module's WPA2 four-way handshake mechanism is vulnerable to two stack-based buffer overflow vulnerabilities (CVE-2020-27301 and CVE-2020-27302, CVSS scores: 8.0) that abuse the attacker's knowledge of the PSK to obtain remote code execution on WPA2 clients that use this Wi-Fi module," reports The Hacker News. An earlier investigation in February revealed similar vulnerabilities in the Realtek RTL8195A Wi-Fi module, the primary one being a buffer overflow vulnerability (CVE-2020-9395). 

It allows a hacker who is in the range of an RTL8195 module to completely hijack the module, without needing a Wi-Fi password. In a possible real-world attack situation, experts performed a PoC (proof of concept) exploit where the hacker disguises as an authorized access point and sends an infected encrypted GTK (group temporal key) to the supplicant (client) with the help of WPA2 protocol connection. GTK is used for securing broadcast and multicast traffic. "During the analysis, we have discovered and responsibly disclosed six major vulnerabilities in Realtek’s RTL8195A Wi-Fi module that these devices were based on," said Vdoo.

Commercial Third Party Code Sources Pose Security Risks

 

Despite the fact that the use of third-party code in IoT projects has increased by 17 percent in the last five years, according to VDC Research, only 56 percent of OEMs have structured security testing policies. Meanwhile, 73.6 percent of respondents said protection was essential, very important, or critical to current projects when asked how important, very important, or critical it was. 

For years, the rate of required innovation outpaced the rate of resource growth within production and quality assurance organizations, making it difficult to keep up organically. With organizations no longer able to focus their code development strategy on custom code, using content from other sources has become more important. 

Because of the possible consequences for corporate harm, liability, and brand reputation loss, protection has become a pervasive and paramount concern in the software supply chain. 

“With more complex software supply chains becoming the norm, organizations are leaning on these third party assets to accelerate their internal software development, which creates security blind spots,” said Chris Rommel, EVP, IoT & Industrial Technology for VDC Research. “With standards such as IEC 62443 requiring increased security of IoT devices, new testing capabilities are needed to address these software creation changes to ensure code quality and minimize risk.” 

GrammaTech, a provider of application security testing tools, launched a new approach in 2020 aimed at exposing vulnerabilities in third-party code used in the production of custom applications. It was called CodeSentry, and it used binary software composition analysis (SCA) to create the code and find any bugs it might have. 

"Using third-party components, rather than building applications from scratch, is an accepted practice for accelerating time to market, and is fueling a massive growth in reusable code," said Mike Dager, CEO of GrammaTech, in a statement. "Most organizations now recognize the security risks that third-party code poses to their applications and business, and the need for software composition analysis provided by CodeSentry, which inspects binaries for unmatched precision."

“Commercial third party code, which is the fastest-growing component software within the IoT market, can contain both proprietary and open source components,” said Andy Meyer, CMO for GrammaTech.

Microsoft Finds Critical Code Execution Bugs In IoT, OT Devices

 

Recently, world-leading giant Microsoft security unit has reported that around 24 critical remote code execution (RCE) vulnerabilities have been found in Operational Technology (OT) industrial systems and Internet of Things (IoT) appliances. The research unit said that this security flaw in the system is collectively known as BadAlloc and because of the memory allocation Integer Overflow or Wraparound bugs, the attack occurred. 

The unit reported that the cybercriminal could utilize this access into the system to crash and execute malicious code remotely into the system. The vulnerabilities have been discovered by Microsoft's researchers into standard memory allocation systems that come into use in multiple real-time operating systems (RTOS), embedded software development kits (SDKs), and C standard library (libc) implementations. 

"Our research shows that memory allocation implementations written throughout the years as part of IoT devices and embedded software have not incorporated proper input validations…”, the research team noted. 

"…Without these input validations, an attacker could exploit the memory allocation function to perform a heap overflow, resulting in execution of malicious code on a target device, the Microsoft security research team has reported”, they further added.

There is a long list of appliance that get affected by the BadAlloc vulnerabilities: 

• Amazon FreeRTOS, Version 10.4.1 
• ARM Mbed OS, Version 6.3.0 
• eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3 
• ARM mbed-uallaoc, Version 1.3.0 
• Cesanta Software Mongoose OS, v2.17.0 
• ARM CMSIS-RTOS2, versions prior to 2.1.3 
• Apache Nuttx OS, Version 9.1.0 
• Media Tek LinkIt SDK, versions prior to 4.6.1 
• Google Cloud IoT Device SDK, Version 1.0.2 
• Micrium OS, Versions 5.10.1 and prior 
• Micrium uCOS II/uCOS III Versions 1.39.0 and prior 
• Linux Zephyr RTOS, versions prior to 2.4.0 
• NXP MCUXpresso SDK, versions prior to 2.8.2 
• NXP MQX, Versions 5.1 and prior 
• RIOT OS, Version 2020.01.1 
• Samsung Tizen RT RTOS, versions prior 3.0.GBB 
• Redhat newlib, versions prior to 4.0.0 
• Texas Instruments SimpleLink MSP432E4XX 
• Texas Instruments CC32XX, versions prior to 4.40.00.07 
• Texas Instruments SimpleLink-CC13XX, versions prior to 4.40.00 
• Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03 
• Texas Instruments SimpleLink-CC26XX, versions prior to 4.40.00 
• Windriver VxWorks, prior to 7.0 
• Uclibc-NG, versions prior to 1.0.36 
• TencentOS-tiny, Version 3.1.0 

Reportedly, as soon as the security flaw was found out into the system the research unit reported it to the CISA and the vendors.

Research Study Shows That 100 Million IOT Devices are at Risk

 

Forescout Research Labs has disclosed a new collection of DNS vulnerabilities in collaboration with JSOF, potentially impacting over 100 million consumer devices. The seemingly simple code that underpins how computers interact with the internet has identified a shocking number of vulnerabilities for researchers. As of now, there are 9 new vulnerabilities, including Internet of Things products and IT control servers, with approximately 100 million devices worldwide. 

The newly revealed bugs are the code that implements protocol of network communication for connecting devices to the internet in four ubiquitous TCP/IP stacks. In operating systems such as the FreeBSD open-source project and Nucleus NET of the industrial control company Siemens, the vulnerabilities are all related to how the “Domain Name System” Internet phone book is carried out. 

They all encourage an attacker to destroy a computer and take it offline or get remote control access. All the vulnerabilities found by Forescout and JSOF security scientists now have patches, but this does not necessarily lead to corrections in actual devices that frequently run outdated versions of software. 

“With all these findings I know it can seem like we’re just bringing problems to the table, but we're really trying to raise awareness, work with the community, and figure out ways to address it,” says Elisa Costante, vice president of research at Forescout. She further added, “We've analyzed more than 15 TCP/IP stacks both proprietary and open source and we've found that there's no real difference in quality. But these commonalities are also helpful because we've found they have similar weak spots. When we analyze a new stack we can go and look at these same places and share those common problems with other researchers as well as developers.” 

Researchers are yet to see indications of these types of vulnerabilities being actively exploited in the wild by attackers. But the exposure is noticeable in the hundreds, perhaps billions, of devices that have potentially been affected as per several different findings.

Similar failures of Forescout and JSOF have already found themselves exposed in hundreds of millions or potentially trillions of devices in other TCP/IP proprietary and open-source stacks around the world. 

“For better or worse, these devices have code in them that people wrote 20 years ago—with the security mentality of 20 years ago,” says Ang Cui, CEO of the IoT security firm Red Balloon Security. 

Although the fixes do not proliferate in the near future, they too are available. And some other halted mitigation measures will minimize the exposure, namely by ensuring that as many devices as possible do not link to the internet directly and by using an internal DNS server. 

Forescout's Costante noted that operational behaviour would be predictable and that attempts to exploit certain defects would be easier to identify. 

Forescout has published an open-source script for network administrators in their organizations to recognize potentially insecure IoT devices and servers. 

The organization also continues to maintain an access database library of inquiries, which scientists and developers could use to quickly identify similar DNS vulnerabilities. 

“It’s a widespread problem; it’s not just a problem for a specific kind of device,” says Costante.

Canadian IoT Solutions Provider, Sierra Wireless Hit by a Ransomware Attack


Sierra Wireless, a Canadian IoT solutions provider said that it has reopened its manufacturing site's production after the company suffered a ransomware attack that breached its internal infrastructure and official website on March 20. When the company came to know about the attack, it called one of the world's best cybersecurity firms "KPMG," to help Sierra Wireless in the investigation and inquiry of the incident.

According to Sierra Wireless, "security is a top priority, and Sierra Wireless is committed to taking all appropriate measures to ensure the highest integrity of all of our systems. As the investigation continues, Sierra Wireless commits to communicating directly to any impacted customers or partners, whom we thank for their patience as we work through this situation." 

Currently, the staff at Sierra Wireless is working on re-installing the company's internal infrastructure, after the corporate website was brought back online. Besides this, the Canadian MNC said that ransomware attacks couldn't breach services and customer-oriented products as the internal systems that were attacked were separated. The company believes that the scope of the attack was limited to Sierra Wireless' corporate website and internal systems, it is confident that the connectivity services and products weren't affected, and the breach couldn't penetrate the systems during the incident. 

As of now, the company isn't expected to issue any firmware or software security updates or product security patches, which are generally required after the ransomware attack. The company hasn't disclosed the ransomware operator behind the attack, it has also not specified what data was stolen from the incident before the encryption could happen. 

The attack happened in March, after that the company took back its Q1 guidance. A company spokesperson said that Sierra wireless won't reveal any further information regarding the attack as per the company protocol, because the data involved is highly confidential and sensitive. Bleeping Computer reports, "Siera Wireless' products (including wireless modems, routers, and gateways) sold directly to OEMs are being used in IoT devices and other electronic devices such as smartphones, and an extensive array of industries." Stay updated for more news.

Hackers Tap Into Home Security Cameras, Record Sex Tapes To Sell Online

Chinese hackers are infiltrating into residents' house security cameras, shooting them having sex and selling the footage online. However shocking this crime may sound, it's pretty common nowadays, according to South China Morning Post. It reports, "the videos are priced based on how exciting they are and are sold via social media, according to an undercover investigative report aired by the television station on Monday. Video clips involving nudity or sexual acts are priced at 50 yuan (US$8) each, while those “normal ones shot in hotel rooms” are 20 yuan (US$3), said an unidentified seller of these videos in the report."  

These videos are always in high demand in the online market. This can be frightening as the sophisticated gadgets that we use for our security can be turned against us, and the internet can put us in such a vulnerable condition. The attackers hacked into candid cameras to spy on hundreds of thousands of victims and record their sex tape, besides this, they were also able to find out about the hidden cameras that hackers used to plant in the hotel rooms.  These sex tapes that are on sale are being called "home videos", hackers have also set up multilevel marketing scheme where the clients are encouraged to sell these videos furthermore. 

The customers were shared the login credentials of the hacked security cameras so that they can tune in themselves. According to one hacker's audio conversation with his VIP clients, he had dozens of people walking around and installing these cameras wherever they went.  Even if these cameras are caught by the hotels, the hackers will only lose around 100 yuan, the losses can be compensated by uploading a couple of videos online. 

"Such videos are primitive,” the hacker said. “Many people like such kind of stuff nowadays, watching people’s privacy, what they’re doing at the moment… You know what, I have sold this video several hundred times," said the hacker, according to South China Morning Post. In a similar incident, hackers hacked into the Amazon ring cameras where the customers were unaware of the breach.

Interview with Waylay: Power of Automation to Everyone?

 

On 8th January, E-Hacking News conducted an interesting interview with Waylay. The guest speaker for the interview was Mr. Veselin Pizurica, CTO & Co-Founder, Waylay. The company helps to connect IoT solutions to IT systems, empowering them to build new applications faster and better than ever before.

Q1. Can you please tell us about “Waylay” as a company? 
Waylay is a technology company that builds automation software for the Internet of Things. Our platform is used by enterprises to develop new digital solutions with IoT, IT, and OT data in the most flexible way. We have about fifty enterprise customers from Australia, Japan, Europe to the US. We are expanding to the US with a physical presence because we’ll like to get better support for our US customers. Today we are more focused on OEM technology meaning we work as an invisible layer, where other companies can buy our software that integrates our automation technology with their solutions. 

Q2. In what industries Waylay is useful for? What type of customers may be interested? 
In the context of IoT, one has two approaches – either go for a vertical approach or being a platform-neutral player where other customers create their own solutions based on automation technology. In this regard, we are the latter case. Our customers are either in the smart buildings or HVAC connected appliances or even B2C. Our technology is used mostly in manufacturing spaces, smart buildings as well as HVAC. The reason for customers being interested in Waylay is because we are a cloud-capable platform as well. We have built a unique set of interfaces that work on top of all other cloud technology in a way that the bigger automation players can replicate the same use case in different clouds. 

Q3. Do you integrate with the existing HVAC system? What if an end customer wants to integrate into your dashboard, how do they do it? Do they need to put a specific IoT controller for this? 
What we have done is to create a kind of convergence layer that integrates to other IoT clouds or IoT systems in such a way that we put in just data for a variety of different systems. In other words, we are just saying we’ll create a bridge layer that can integrate with our system. Secondly, many of these HVACs are not connected and they will never be connected. Our technology offers the opportunity to integrate with other IoT systems. We are not enforcing our connectivity on our customers; we are rather saying whatever we have already we’ll create a layer that will enable us to get data in our systems 

Q4. Do you directly work with OEM (Original Equipment Manufacturer)? If so, do you have a development kit for OEM? What are the types of OEM you work with? 
We do actually. If you have the HVAC suppliers/manufacturers they, face a couple of different problems and none of them are actually trivial. So, basically what we offer is a sort of total automation that enables experts from both sides of the story (machine learning builders and machine learning experts) to bring them on one platform to be able to do total automation. The next thing you could do is offer new services; people are actually renting machines as a service rather than actually selling them. For instance, if you like to rent a machine as a service then your absolute interest is that the machine operates with optimum settings. 

Q5. IoT awareness is so low in many countries, will Waylay contribute positively to increase awareness in the IoT space? 
There are various angles to answer this question. First, IoT is something that people have been talking about for a long time. In a B2C context, if you buy any device, one or the other way, it is connected, it’s just that people are not aware of that. In smart home automation, it is already happening. In industries, things are much more complicated as there is a lot of different technology. Now, awareness also depends on the countries, some people are more eager to try things than others. In industries, the very first problem is connectivity, it not only depends on the use case vertical but also on the country. The thing with IoT is, it’s already happening but not at the same pace (compared to other technologies). What makes our company very confident is eventually, everything will be connected, it’s just that the pace of adoption in some countries is slower than others. 

Q.6 Your blog talked about “Waylay’s Digital Twin Revolutionizes Provisioning in Industrial IoT.” Please tell us more about it. 
When we talk about Digital Twins, we are talking about the digital representations of the objects. It can mean different things to different people. “In an ideal world, all equipment would be connected. In reality, millions of legacy machines are locked out of Industry 4.0 solutions because of the prohibitive cost of retro-fitting them.” 

Q.7 How has Waylay helped to bring a change in Digital Industry? 
Our goal is to bring the power of automation to everyone. Waylay believes that automation liberates human intelligence, cuts down costs, and increases value creation.

Internet of Things (IoT): Greater Threat for Businesses Reopening Amid COVID-19 Pandemic

 

Businesses have increasingly adopted IoT devices, especially amid the COVID-19 pandemic to keep their operations safe. Over the past year, the number of IoT devices employed by various organizations in their network has risen by a remarkable margin, as per research conducted by Palo Alto Networks' threat intelligence arm, Unit 42. 
 
While looking into the current IoT supply ecosystem, Unit 42 explained the multi exploits and vulnerabilities affecting IoT supply chains. The research also examined potential kinds of motivation for exploiting the IoT supply chain, illustrating how no layer is completely immune to the threat.  

The analysis of the same has been reported during this year's National Cybersecurity Awareness Month (NCSAM), which is encouraging the individual's role in protecting their part of cyberspace and stressing personal accountability and the significance of taking proactive measures to strengthen cybersecurity. 
 
The analysis also noted that supply chain attacks in IoT are of two types – through a piece of hardware modified to bring alterations in a device's performance or from software downloaded in a particular device that has been affected to hide malware. 
 
While highlighting a common breach of ethics, the research mentioned the incorporation of third-party and hardware components without making a list of the components added to the device. The practice makes it hard to find how many products from the same manufacturer are infected when a vulnerability is found on any of the components. Additionally, it also becomes difficult to determine how many devices across various vendors have been affected in general, by the vulnerability.

"The main goals for cyberespionage campaigns are maintaining long-term access to confidential information and to affected systems without being detected. The wide range of IoT devices, the access they have, the size of the user base, and the presence of trusted certificates make supply chain vendors attractive targets to advanced persistent threat (APT) groups..." the report stated. 
 
"In 2018, Operation ShadowHammer revealed that legitimate ASUS security certificates (such as “ASUSTeK Computer Inc.”) were abused by attackers and signed trojanized softwares, which misled targeted victims to install backdoors in their system and download additional malicious payloads onto their machines." 
 
While putting things in a cybercrime perspective, the report noted - "The potential access and impact of compromising a large number of IoT devices also make IoT vendors and unprotected devices popular choices for financially motivated cybercriminals. A NICTER report in 2019 shows close to 48% of dark web threats detected are IoT related. Also in 2019, Trend Micro researchers looked into cybercriminals in Russian-, Portuguese-, English-, Arabic-, and Spanish-speaking marketplaces and discovered various illicit services and products that are actively exploiting IoT devices." 
 
The report stressed the need to "enlist" all the devices connected to a certain network as it will help in identifying devices and their manufacturers, enabling administrators to patch, monitor, or even disconnect the devices when needed. There are instances when all the vulnerable devices are unknown in the absence of a complete list, therefore it is imperative to have complete visibility of the list of all the connected devices in order to defend your infrastructure. 

Customer-Facing Enterprise Services Bearing the Majority of DDoS Attacks


Out of 8.4 million DDoS attacks recorded in 2019 alone, two-thirds of customer-facing enterprise systems bear the brunt of it all. Aimed for disrupting online services, a surge of illegitimate traffic is produced by PCs, Internet of Things (IoT), and a few other gadgets which send many requests, and these questions, in the long run, overwhelm a service. 

Certified users are then incapable to get through. There are various types of DDoS that target specific parts of a service, yet resource exhaustion and HTTP floods, in general, tend to be common. Slave systems, incorporating gadgets infected with botnet-based malware, are utilized to dispatch DDoS attacks, of which threat actors are known to offer DDoS-for-hire services in the web's underground for a pittance. As per Netscout's most recent report on the topic, DDoS attacks keep on being a thistle in the side of big business organizations and the attack frequency is on the sharp ascent. 

Netscout's research, says that there has been an expansion of 87% in exploit endeavors between the second half of 2018 and 2019. Also, DDoS attack frequency worldwide has expanded by 16%, with 16 DDoS attempts occurring almost every minute. Wired and mobile communications, data processing, and hosting providers are the most widely recognized targets; there has likewise been an uptick in DDoS campaigns against satellite communications, chemical manufacturing, and trades including computer equipment sellers and vehicle vendors. 

With regard to quality, the most powerful DDoS attack recorded by the organization during H2 2019 was 622 Gbps. Be that as it may, as verified by Netscout, such attacks can, by and large, be considered "overkill" and are known to draw the attention of law enforcement; and in that capacity, attacks are presently by and large within the 100 - 200 Gbps range. This year, it is 'forecasted' that up to 20.4 billion IoT devices will be connected with the Internet. 

While these devices - including mobile gadgets, intelligent home appliances, and smart speakers - are convenient, security isn't generally at the cutting edge of development lifecycles and there are as yet numerous situations when default, hardcoded certifications and vulnerabilities are misused to add them to botnets. 


Nonetheless in the meantime, legacy IoT devices will keep on adding to the issue of DDoS attacks taking place across the globe, as they won't really be the beneficiaries of improving security standards.

Bot List Containing Telnet Credentials for More than 500,000 Servers, Routers and IoT Devices Leaked Online


This week, a hacker published a list on a popular hacking forum containing Telnet credentials for over 515,000 servers, home routers and IoT (Internet of Things) "smart" devices. The massive list which reportedly was concluded by browsing the whole internet in search of devices that left their Telnet port exposed, included IP addresses of all the devices, username and password for the Telnet service and a remote access protocol that can be employed to control devices over the internet.

After scanning the Internet in search of devices exposing their Telnet port, the hacker attempts to use either factory-set default usernames and passwords or custom but guessable combinations, as per the statements by the leaker himself.

These lists, generally kept private – are known as 'bot lists' that are built after hackers scan the Internet and then employed them to connect to the devices and install malware. Sources say that although there have been some leaks in the past, this one is recorded as the biggest leak of Telnet passwords till date.

As per the reports of ZDNet, the list was made available online by one of a DDoS-for-hire (DDoS booter) service's maintainer. There's a probability that some of these devices might now run on a different IP address or use other login credentials as all the leaked lists are dated around October-November 2019. Given that using any of the listed username and password to access any of the devices would be illegal, ZDNet did not use it. Therefore, they were not able to comment on the validity of these credentials.

A security expert in the field of IoT, requesting for anonymity, tells that even if some of the listed credentials are invalid by the time for devices now have a new IP address or password. However, the listings still hold a lot of value for a skillful and talented attacker who can possibly use the present information in the list to identify the service provider and hence update the list with the current IP addresses.

Certain authentic and verified security researchers are given access to the list of credentials as they volunteered for it.

Hide and Seek Iot Botnet Increasing Infection Capabilities with New Vectors



The Hide and Seek IoT botnet has been updated to act against the Android devices and the criminal group behind its advancement and development has been seen to include a new functionality in recurring incremental optimizations to the fundamental engine.

The Android infections appear to be caused not by focusing on specific vulnerabilities, rather concentrating on maltreatment of the Android Debug Bridge (ADB) option. As a matter of course this is turned-off however at times users might need to turn it on.

The IoT botnet has been spotted to have added around 40 000 gadgets to its stockpile, the infected devices are for the most part from China, Korea and Taiwan. Numerous Android devices are currently part of the home infrastructure — phones, tablets, televisions and various peripherals. This is the motivation behind why attacks utilizing it are exceptionally viewed as critical.

Its samples concentrate on the devices that have set the ADB option on either as a matter of course or by the users themselves. At the point when this capacity is empowered the devices are uncovered as this opens a network port accessing remote connections. Malignant administrators have been spotted to perform unauthenticated login endeavors — utilizing either default passwords or 'brute forcing the devices'.

The attacks likewise prompt the conclusion that the criminal collective behind the botnet is always attempting to update its features. The tremendously expanded number of infected devices is apparent that the botnet is gaining more energy. Botnets are known to be quite efficient when it comes to launching conveyed denial-of-service attacks (DDoS) which can render sites and PC systems non-working.

Chief Security Researcher at Bitdefender Alex Balan said that the botnet's purpose for the time being gives off an impression of being to increase its size and nothing more.
Despite the fact that it bolsters directions for data exfiltration and code execution the researchers have not seen them to be utilized by the botnet and additionally, there is no module for propelling dispersed denial-of-service attacks, an essential technique for botnet monetization.

New report says IoT adoption heightens cybersecurity threat

A new report by Navigant Research says that due to the increasing adoption of Internet of Things (IoT) devices and systems, threats to cybersecurity are also increasing as attackers are given more numbers of “vectors and surfaces” to target.

The report looks at the state of IoT as a whole, not just its utilities, and addresses questions such as common vulnerabilities present in IoT settings, strategies for cybersecurity, global revenue forecast on IoT security, etc. It also examines regulatory frameworks shaping the market and steps that can be taken to minimize risk.

Oracle Chairman, Larry Ellison, says that companies are losing this cyber war and that, “Make no mistake, it’s a war.”

“The mushrooming number of IoT devices being deployed by utilities and other enterprises carries an obvious and growing security risk,” said Neil Strother, principal research analyst with Navigant Research. “Smart managers need a comprehensive strategy to stay ahead of potentially devastating threats to IoT assets.”

He added that managers can no longer rely on the “old-school reactive” approach but must instead adopt “latest proactive and predictive tools and methodologies to keep devices and systems safe.”

The report itself is aimed at utility security managers, enterprises, IoT cybersecurity solution vendors, investor groups, regulators, and other stakeholders.