Over 134 Million Attempts to Hack IoT Gadgets

by crpt os


Jan 30, 2023 | Ravie Lakshmanan

Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022.

According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months.

Close to 50% of the attacks originated from the U.S. (48.3%), followed by Vietnam (17.8%), Russia (14.6%), the Netherlands (7.4%), France (6.4%), Germany (2.3%), and Luxembourg (1.6%).

What’s more, 95% of the attacks leveraging the security shortcoming that emanated from Russia singled out organizations in Australia.

“Many of the attacks we observed tried to deliver malware to infect vulnerable IoT devices,” Unit 42 researchers said in a report, adding “threat groups are using this vulnerability to carry out large-scale attacks on smart devices around the world.”

The vulnerability in question is CVE-2021-35394 (CVSS score: 9.8), a set of buffer overflows and an arbitrary command injection bug that could be weaponized to execute arbitrary code with the highest level of privilege and take over affected appliances.

The issues were disclosed by ONEKEY (previously IoT Inspector) in August 2021. The vulnerability impacts a wide range of devices from D-Link, LG, Belkin, ASUS, and NETGEAR.

Unit 42 said it discovered three different kinds of payloads distributed as a result of in-the-wild exploitation of the flaw –

  • A script that executes a shell command on the targeted server to download additional malware
  • An injected command that writes a binary payload to a file and executes it, and
  • An injected command that directly reboots the targeted server to cause a denial-of-service (DoS) condition

Also delivered through the abuse of CVE-2021-35394 are known botnets like Mirai, Gafgyt, and Mozi, as well as a new Golang-based distributed denial-of-service (DDoS) botnet dubbed RedGoBot.

First observed in September 2022, the RedGoBot campaign involves dropping a shell script that’s designed to download a number of botnet clients tailored to different CPU architectures. The malware, once launched, is equipped to run operating system commands and mount DDoS attacks.

The findings once again underscore the importance of updating software in a timely fashion to avoid exposure to potential threats.

“The surge of attacks leveraging CVE-2021-35394 shows that threat actors are very interested in supply chain vulnerabilities, which can be difficult for the average user to identify and remediate,” the researchers concluded. “These issues can make it difficult for the affected user to identify the specific downstream products that are being exploited.”
