Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
New Linux Worm Attacks IoT Devices
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Webtoolsoffers
Webtoolsoffers,
User Rank: Apprentice
6/28/2019 | 4:31:00 AM
Re: Linux Worm Exploits and Defenses
The IoT devices related to the internet. Now-a-day IoT devices is most useful because we can get information through mobile interenet
tdsan
tdsan,
User Rank: Ninja
6/27/2019 | 2:52:55 PM
Linux Worm Exploits and Defenses
The new software, dubbed "Silex," is running across the Internet looking for Linux systems deployed with default admin credentials. Once it finds such a system, it overwrites all of the system's storage with random data, drops its firewall rules, removes its network configuration, and then restarts the system — effectively rendering the device useless.

I do agree the responsibility should rest with the consumer where the system asks or provides insight on how to change the admin password but this should be a mandatory function (to change the password and remove telnet or disable it) when the user logs in. A number of companies are doing this but after reading the report, it seems this practice is not performed across the board.

 
It could attack any Linux system deployed on the Internet with open telnet ports and default admin credentials.

Ways to thwart the linux attack:
  • iptables -I INPUT 1 -m multiport --dport 23 -s 0.0.0.0/0 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j DROP (the code can be updated to include more ports (-m option), conntrack tracks the attempts and the --ctstate looks for NEW, ESTABLISHED and Relates sessions, the -J is used to drop the connection)
  • ufw deny in -proto tcp from 0.0.0.0/0 to 0.0.0.0/0 port 23 "comment Deny telnet access" or a shorter method is ufw deny in telnet.
  • Firewall - disable telnet from the IOT device or only allow internal access when needed if telnet is essential to diagnostic issues
  • Another option would be to stop the service all together
service stop telnet-server or systemctl stop telnet-server

 

Shodan provides a complete list of devices that still have default passwords enabled.

 Todd

 
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35120
PUBLISHED: 2022-12-01
IXPdata EasyInstall 6.6.14725 contains an access control issue.
CVE-2022-43333
PUBLISHED: 2022-12-01
Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.
CVE-2022-44211
PUBLISHED: 2022-12-01
In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote attacker to access/change devices' settings.
CVE-2022-44212
PUBLISHED: 2022-12-01
In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to access devices' admin panel.
CVE-2022-23737
PUBLISHED: 2022-12-01
An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulner...