- Jun 9, 2013
Attackers are enslaving Internet of Things (IoT) devices to remotely mount DDoS campaigns by using a 12-year-old vulnerability in OpenSSH.
Akamai Technology researchers Ory Segal and Ezra Caltum have dubbed the issue the SSHowDowN Proxy.
It’s not a new type of vulnerability or attack technique, but rather a continued weakness in many default configurations of internet-connected devices. But a broad range of devices are being exploited in mass-scale attack campaigns, including CCTV devices for video surveillance, DVRs, satellite antenna equipment, routers, Wi-Fi access points, cable and ADSL modems, internet-connected Network Attached Storage (NAS) devices and more.
This malicious network is mounting attacks against a multitude of internet targets and internet-facing services, such as HTTP, SMTP and network scanning, and against internal networks that host the connected devices. Once malicious users access the web administration console, they have been able to compromise the device’s data and, in some cases, fully take over the machine.
Full Article. http://www.infosecurity-magazine.com/news/iot-devices-enslaved-via-12yearold/