This Month's Top Cyber-Security Attacks and Vulnerabilities

Every month there is a mass of reports on cyber attacks and newly found security vulnerabilities, but which ones should we take notice of and which are fake news?

This month we’ve seen a diverse array of security issues affecting the connected home, from severe bugs in the world’s most popular web browser to new variants of the malware that took down the internet for a few hours. We’ve also seen the dangers of having a home gateway device without proper security practices.

Here our team of cyber-security experts has summarized the top 3 reported attacks that we believe were most significant and should be taken seriously!

1. Google Chrome Zero-Day Vulnerability (CVE-2019-5786) – March 06th
Google announced that the Chrome patch it had released fixed a zero-day that was being actively exploited, discovered by its own security team. The bug, tagged CVE-2019-5786, was originally discovered by Clement Lecigne of Google's Threat Analysis Group on Wednesday, February 27th.

The bug is presumed to be a memory error of the use-after-free type: it occurs when code tries to access memory after that memory has already been freed from Chrome's allocated memory. If mishandled, this can lead to the execution of malicious code, and it is treated as a serious security threat.

Affected Users and Distribution: Cross Users

Affected Systems: Chrome Browsers in all major operating systems including Microsoft Windows, Apple macOS, and Linux.

Discovered by: Clement Lecigne

Google Description: Security researcher Clement Lecigne of Google’s Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers.

CVSS v3 metrics:

2. Remote Code Execution / DoS Vulnerability (CVE-2018-19524) in Shenzhen Skyworth Digital G/EPON Home Gateways – March 21st
Several models of Skyworth Digital PON home gateways have been found to contain a stack overflow vulnerability in the gateway's password submission form. This can be leveraged to cause an exception in the device, resulting in a Denial of Service (DoS), or, with a more complex exploit, Remote Code Execution (RCE).

With RCE, a malicious actor can download malware onto the gateways, enabling eavesdropping on consumer communications, phishing attacks, cryptomining, and botnet Distributed Denial of Service (DDoS) attacks on internet infrastructure and services.

What is a Stack Overflow?
When an application's user interface contains a form or other means of obtaining user input but lacks proper secure handling and sanitization of that input, a malformed input can be used to cause memory corruption in the application. This is regularly caused by not checking the size of the input and then copying it into a section of memory that is too small to hold it, causing the overflow. On some systems this corruption would only disrupt the service and reboot the application, but on systems with less advanced security features (common in routers and IoT devices) it can be used to take full control of the application's execution by manipulating the application's stack, a memory structure that holds vital application parameters.
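As an added illustration (not code from the advisory or the affected firmware), here is the pattern described above in C: a password handler that copies the submitted value into a fixed stack buffer without checking its length, beside a hardened version that validates the length first and rejects oversized input. The handler names and the 32-byte buffer size are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define PASSWD_MAX 32   /* assumed fixed-size stack buffer, typical of embedded web UIs */

/* Vulnerable pattern (hypothetical handler name): the submitted password is
 * copied into a fixed stack buffer with no length check, so a value of
 * PASSWD_MAX bytes or more overruns the buffer and corrupts the stack.
 * Shown for contrast only; do not call it with untrusted input. */
int web_passwd_unchecked(const char *submitted)
{
    char buf[PASSWD_MAX];
    strcpy(buf, submitted);            /* unbounded copy: the root cause */
    return (int)strlen(buf);
}

/* Hardened pattern: measure the input with a bound before copying anything,
 * and fail closed (return -1) if it does not fit including the terminator.
 * Rejecting is preferable to silent truncation, which can mask attacks. */
int web_passwd_checked(const char *submitted, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && submitted[n] != '\0')   /* never reads past out_len bytes */
        n++;
    if (n >= out_len)                              /* no room for '\0': reject */
        return -1;
    memcpy(out, submitted, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char stored[PASSWD_MAX];
    /* Constructed inputs: a normal password and a deliberately over-long one. */
    const char *ok = "correct-horse";
    char too_long[200];
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';

    printf("short password: %s\n",
           web_passwd_checked(ok, stored, sizeof stored) == 0 ? "accepted" : "rejected");
    printf("long password:  %s\n",
           web_passwd_checked(too_long, stored, sizeof stored) == 0 ? "accepted" : "rejected");
    return 0;
}
```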

Affected Users and Distribution: ISP consumers with G/EPON gateways of the affected models

Affected Systems: Shenzhen Skyworth Digital Technology gateways:
DT741 Converged Intelligent Terminal
DT721-cb GPON Home Gateway
DT741-cb GPON Home Gateway

Discovered by: Kaustubh G. Padwad

Kaustubh Padwad's Description: A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution… No official mitigation received from vendor.
Unfortunately, according to the researcher, the vendor did not respond to his disclosure, leaving consumers with potentially vulnerable devices and giving malicious actors the opportunity to exploit these findings and grow their botnets.

SAM Risk Metrics:

3. New Mirai Variant Targets Enterprise IoT Devices – March 19th
Palo Alto Networks discovered a new variant of Mirai which includes 11 new exploits and a new set of "unusual default credentials" for brute-force attacks against IoT devices exposed to the WAN.

Palo Alto also published a set of indicators for the new Mirai variant, which we added to our threat intelligence last week. After a week of monitoring, we did not find any connected device owned by our customers that was affected by this new variant.

Palo Alto Indicators:

Affected Users and Distribution: SOHO, SMBs and Advanced users.

Affected Systems: Linksys routers, ZTE routers, D-Link routers, network storage devices, NVRs and IP cameras, LG SuperSign TVs and WePresent WiPG-1000.

Discovered by: Ruchna Nigam (Palo Alto Networks)

Palo Alto Networks Description: This new variant targets WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs. Both these devices are intended for use by businesses. This development indicates to us a potential shift to using Mirai to target enterprises. The previous instance where we observed the botnet targeting enterprise vulnerabilities was with the incorporation of exploits against Apache Struts and SonicWall.

SAM Risk Metrics:

About SAM:
SAM provides a software-based security solution that integrates seamlessly with any platform and protects local area networks by securing the gateway and all of its connected devices. Installed remotely on existing gateways, SAM doesn't require any additional hardware or a technician to provide comprehensive network security. The solution is offered as a service, giving users enterprise-grade protection, including virtual patching of vulnerabilities such as KRACK and other high-level, targeted attacks. SAM works with leading chipset manufacturers, including Intel, to provide network security from the source.

To learn more about SAM, visit