Pesquisas e Relatórios

In this section, we analyze two vulnerabilities, namely, the CVE-2016-10372 vulnerability32 in the Eir D1000 router and the backdoor vulnerability in Netis routers. Except UPnP-related vulnerabilities described in section 4.4.3 Malicious Behaviors Targeting UPnP Vulnerabilities, the CVE-2016-10372vulnerability was exploited most frequently. The backdoor vulnerability in Netis routers exerted a severe impact when it was initially […]

IoT Exploits Viewpoint 3: Over 30 types of IoT exploits were captured, most of which targeted remote command execution vulnerabilities. Though hundreds of to thousands of IoT vulnerabilities were unveiled each year, only a few can exert an extensive impact. Attackers were keen on targeting devices (routers and video surveillance devices) exposed in large quantities, […]

Introduction This chapter analyzes IoT threats from the perspective of vulnerabilities. We first analyze the change trends of IoT vulnerabilities and exploits 1 in the NVD and Exploit Database (Exploit-DB) in 2019 and then IoT exploits captured by NSFOCUS’s threat hunting system. The following dwells upon some representative exploits.

Heuristic Recon via the Dual-Stack UPnP Service In addition to the recon of IPv6 addresses based on their characteristics, we can also use UPnP to detect IoT assets by referring to the method described in a blog post 28 from Cisco Talos Labs. Principle UPnP is a set of protocols designed to achieve interconnectivity between […]

Heuristic Recon of IPv6 Addresses Based on Their Characteristics Previously, we mentioned that IPv6 addresses, when assigned, can, for example, include random values in particular bytes or embed MAC addresses. With these facts in mind, we exercised some restrictions to narrow down the address space to be scanned. Specifically, we employed the following approaches to […]

Identification of IoT Assets from Known IPv6 Addresses The preceding section gives a brief account of difficulties in the blind-scan of IPv6 addresses. To work around these problems, we based our recon on some available IPv6 addresses, in a bid to discover IoT assets operating in IPv6 environments. Sources of these addresses include Hitlist27, which […]

This section presents the exposure of IPv6 assets on the Internet and methods for recon of these assets. IPv6 Evolution With the IoT and 5G gaining ground, the demand of network applications for IP addresses is undergoing an explosive growth. However, the IPv4 address space has been depleted and IPv4 addresses have been unevenly allocated. […]

Overview 2020 H1 witnessed nine Internet of Things (IoT) security events that deserved close attention: Ripple20 0-day vulnerabilities were discovered and affected hundreds of millions of networked devices in various industries across the globe. A high-risk 0-day vulnerability was detected in dozens of Netgear router products. A group of Industrial Control System (ICS) honeypots attracted […]

Introduction As we indicated in the 2018 Annual IoT Security Report, network addresses on the Internet constantly change. Use of historical data to delineate exposure of assets will result in a deviation from reality, presenting a value higher than the actual number. Therefore, to accurately reflect the reality of a given area, we should specify […]

LockerGoga Ransomware Alleged to Repeatedly Attack Plants On January 24, 2019, France-based Altran Technologies was allegedly hit by LockerGoga ransomware. On March 19, Norsk Hydro, one of the largest aluminum companies worldwide, was hit by an extensive cyberattack, having machines around the globe infected with malware and some unable to operate. As a result, some […]