IoT Worm Case Study

Overview

On this week’s episode, we’re sharing how an exploit for Ubiquiti AirMax devices was converted into a self-spreading worm. Although the patch to address this vulnerability was released nearly a year ago, at least two Wireless Internet Service Providers (WISPs) have confirmed mass infections as the result of running outdated, vulnerable software. During this discussion, we’ll walk through the timeline of the vulnerability disclosure, the published proof of concept (PoC) exploit, and the tactics and techniques used in the hacker’s payload. Lastly, we’ll share how this particular vulnerability illustrates how the existing patching process for Internet of Things (IoT) devices creates an ideal breeding ground for auto-propagating viruses.


About Huntress Labs
Huntress minimizes the time hackers lurk undetected on computers, laptops, and servers. To accomplish this, Huntress detects and reports malicious applications which are set to automatically run when the system boots up. Although viruses are constantly evolving, the techniques used by hackers to maintain a foothold on computers have hardly changed in 20 years. Unfortunately, existing security products have failed to address these footholds and allow attackers to remain undetected within your network. Huntress focuses on these footholds; finding the compromise before the situation escalates.

Our Huntress agent performs “routine health screenings” on each computer in your organization, regardless of where it’s located. The results are sent to the cloud where our analysis engine uses file reputation, frequency analysis, and proprietary algorithms to identify anomalous footholds. After detection, Huntress delivers prioritized remediation recommendations—not alerts—to you and all other affected members within the Huntress community. The Huntress solution is designed to complement any existing security investment to enhance detection efficiency. No duplicated functionality. No duplicated costs.

Monitoring Agent
Lightweight and transparent: no impact on the user experience or system performance
Distributed cloud architecture protects your users in the office, at home, or on the go

Analysis Engine
Zero false positives and granular classification of malicious, suspicious, and known good applications
Generates email based remediation recommendations for instant notification and automated ticket creation

Management Console
Lightweight and transparent: no impact on the user experience or system performance
Distributed cloud architecture protects your users in the office, at home, or on the go
