Martijn Lammerts
My own digital place with a little of everything

Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

17 April 2018

Even before the term IoT was coined, we had the routers at the gateway, most of the time publicly exposed on the internet. In the context of the IoT, the router is perhaps the most important device for the whole infrastructure. All traffic goes through it and it allows for the provision of many services, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), content filtering, firewalls, and Voice over Internet Protocol (VoIP), to all connected devices, including computers, smartphones, and IP cameras. If an attacker is able to compromise the router, every device connected to it can be affected. And that’s what a hacking group in Brazil just did.

The post Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware appeared first on .

Continue reading...

Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More

16 April 2018

If there is anything to be learned from the massive attacks that have been seen on connected devices, it is that the internet of things (IoT) is riddled with vulnerabilities. We have seen this time and again with how botnets are created from system weaknesses and have harnessed poor basic security to disrupt many devices and services.

In the past year, we embarked on a closer look at the security of IoT devices around the world. We chose devices that are available in different Amazon regions and are widely used in the Japan market, and tried to find out whether remote code execution (RCE) is possible. What we ended up finding out was more than that.

The post Device Vulnerabilities in the Connected Home: Uncovering Remote Code Execution and More appeared first on .

Continue reading...

Mirai-like Scanning Activity Detected From China, With Targets in Brazil

11 April 2018

Our network monitoring system recently detected an enormous amount of Mirai-like scanning activity from China. From 1:00 p.m. UTC on March 31 to 12:00 a.m. UTC on April 3, our team detected an influx of activity coming from 3,423 IP addresses of scanners. Brazil appeared to be the target location of the scanning of networked devices, including routers and IP cameras.

The post Mirai-like Scanning Activity Detected From China, With Targets in Brazil appeared first on .

Continue reading...

The Reigning King of IP Camera Botnets and its Challengers

8 June 2017

Early this month we discussed a new Internet of Things (IoT) botnet called Persirai (detected by Trend Micro as ELF_PERSIRAI.A), which targets over 1000 Internet Protocol (IP) camera models. Currently, through Shodan and our own research, we see that 64% of tracked IP cameras with custom http servers are infected with Persirai. But, because these cameras are such common targets, there is some competition between malware.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

The Reigning King of IP Camera Botnets and its Challengers

Continue reading...

What’s In Shodan? Analyzing Exposed Cyber Assets in the United States

15 February 2017

Thanks to the Internet of Things (IoT), the world is now much more connected. While IoT brings about many benefits and has made life easier for us, there are some important questions we still have to ask: is IoT also making the world a little less secure? More importantly, is IoT making us vulnerable to attackers?

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

What’s In Shodan? Analyzing Exposed Cyber Assets in the United States

Continue reading...

Home Routers: Mitigating Attacks that can Turn them to Zombies

14 December 2016

With more households running smart devices that access the internet, the router is typically their only doorkeeper. And whether an end user has a laptop/desktop and router combo, or a miscellany of other devices connected to the network, the security risks are the same. Based on our research, home routers have been most susceptible to cross-site scripting (XSS) and PHP arbitrary code injection attacks, as well as being involved in carrying out DNS amplification attacks.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

Home Routers: Mitigating Attacks that can Turn them to Zombies

Continue reading...