Cybercriminals Exploiting SSHowDowN Vulnerability to Mount Massive Coordinated Attacks.
_ad8adb5c_, developer of the world’s first automated service for continuously monitoring Internet of Things (IoT) code for critical open source vulnerabilities, today announced that its cloud-based platform has been protecting customers from the SSHowDowN vulnerability (_62a91eba_) since well before Akamai’s recent announcement.
Akamai reports that hackers are now exploiting the 12-year-old OpenSSH vulnerability to mount mass-scale attacks from millions of compromised IoT devices, including routers, cable modems, satellite TV equipment, and IP-connected cameras, DVRs and NAS (Network Attached Storage) devices. The attacks create unauthorized SSH tunnels which are then used to route malicious traffic against victim sites while hiding the attackers’ identities. Attackers also use the devices as beachheads to launch internal attacks against corporate networks.
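The tunnels described above rely on the SSH daemon permitting TCP forwarding, which OpenSSH allows by default when the AllowTcpForwarding directive is absent. The following shell script is an added example, not code from this press release, Akamai or Lexumo: it audits an sshd_config for that setting, treating an absent directive as enabled, and runs against two constructed sample configurations (a vendor-default file and a hardened one) so it can be tried offline. It applies OpenSSH's first-match rule for repeated directives and does not interpret Match blocks, which is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example (not from the press release, Akamai or Lexumo): audit an
# sshd_config for the setting that SSH tunnelling abuse depends on.
# OpenSSH's AllowTcpForwarding defaults to "yes", so a missing directive
# counts as enabled. Assumption: Match blocks are not evaluated here.

# effective_setting FILE DIRECTIVE DEFAULT
# Prints the first uncommented value of DIRECTIVE in FILE (sshd honours the
# first occurrence), or DEFAULT when the directive is absent.
effective_setting() {
    val=$(awk -v key="$2" \
        'tolower($1) == tolower(key) && !found { print $2; found = 1 }' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# tcp_forwarding_enabled FILE
# Returns 0 when the config still permits some form of TCP forwarding.
# "yes", "all", "local" and "remote" each allow forwarding; only "no" closes it.
tcp_forwarding_enabled() {
    case $(effective_setting "$1" AllowTcpForwarding yes | tr 'A-Z' 'a-z') in
        no) return 1 ;;
        *)  return 0 ;;
    esac
}

# audit_sshd_config FILE
# Prints a finding and returns 1 if forwarding is allowed, otherwise 0.
audit_sshd_config() {
    if tcp_forwarding_enabled "$1"; then
        echo "FINDING: $1 permits TCP forwarding (AllowTcpForwarding=$(effective_setting "$1" AllowTcpForwarding yes)); set 'AllowTcpForwarding no' unless tunnelling is required"
        return 1
    fi
    echo "OK: $1 disables TCP forwarding"
    return 0
}

# Constructed sample configurations (not real device files) for demonstration.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak_sshd_config" <<'EOF'
# vendor default: directive absent, so OpenSSH's built-in default "yes" applies
Port 22
PermitRootLogin yes
EOF
cat > "$SAMPLE_DIR/hardened_sshd_config" <<'EOF'
Port 22
AllowTcpForwarding no
PermitRootLogin no
EOF

# Usage: run both samples; "|| :" keeps a finding from aborting the script under set -e.
audit_sshd_config "$SAMPLE_DIR/weak_sshd_config" || :
audit_sshd_config "$SAMPLE_DIR/hardened_sshd_config" || :
```

On a real device the same functions can be pointed at /etc/ssh/sshd_config (or wherever the firmware keeps it); disabling TCP forwarding removes the proxying capability without affecting ordinary interactive logins.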
Lexumo uses graph analytics and machine learning developed for DARPA to precisely identify public vulnerabilities such as Heartbleed, Shellshock (Bashdoor), and SSHowDowN in IoT code. The platform also provides detailed instructions for remediating vulnerabilities in order to avoid their exploitation by cyberattackers. The company was recently recognized as an IoT Company to Watch and a Machine Learning Startup to Watch.
“Cyberattackers look for the path of least resistance – and vulnerabilities that have been around for years are a great place to start,” said Richard Carback, PhD, co-founder and Chief Architect at Lexumo. “Unlike with zero days, information about public open source vulnerabilities is broadly available via public message boards and email lists.”
“Many IoT devices are particularly vulnerable because they haven’t been designed with security in mind, so there’s a good chance this type of attacker technique will become significantly more popular in the future. It would seem like a minimum standard of due care for manufacturers to use automation to ensure they’re not shipping devices with vulnerabilities like SSHowDowN.”
The impact of shipping insecure IoT devices was also illustrated a few weeks ago when cyberattackers exploited vulnerabilities in 1.5 million IoT devices to generate the world’s most powerful Distributed Denial of Service (DDoS) attack to date. The unprecedented attack successfully disabled the website of well-known security researcher Brian Krebs. Cyberattackers also leveraged their massive botnet army to launch a separate DDoS attack on European ISP OVH that reached nearly one terabit per second (Tbps).