Martijn Lammerts
My own digital place with a little of everything

Exposed IoT Automation Servers and Cybercrime

In our latest research we tested possible threat scenarios against complex IoT environments such as in smart homes and smart buildings. A significant part of the research also involved a look into exposed automation platforms or servers, which are integral components of complex IoT environments.

Water and Energy Sectors Through the Lens of the Cybercriminal Underground

In our research Exposed and Vulnerable Critical Infrastructure: Water and Energy Industries, we not only found exposed industrial control system (ICS) human machine interfaces (HMIs) but also pointed out how these systems were at risk. This risk is corroborated by the active interest in water and energy ICSs shown by different kinds of cybercriminal groups.

Perl-Based Shellbot Looks to Target Organizations via C&C

We uncovered an operation of a hacking group, which we’re naming “Outlaw” (translation derived from the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of things (IoT) devices and Linux servers. Further research indicates that the threat can also affect Windows-based environments and even Android devices.

Disrupting the Flow: Exposed and Vulnerable Water and Energy Infrastructures

by Stephen Hilt, Numaan Huq, Vladimir Kropotov, Robert McArdle, Cedric Pernet, and Roel Reyes

Energy and water are two of the most central critical infrastructures (CIs). Both sectors have undergone necessary changes to reflect the latest in technology and improve how natural resources are harnessed and distributed. At present, these changes are heading toward more interconnected...

Open ADB Ports Being Exploited to Spread Possible Satori Variant in Android Devices

Recently, we found a new exploit using port 5555 after detecting two suspicious spikes in activity on July 9-10 and July 15. In this scenario, the activity involves the command line utility called Android Debug Bridge (ADB), a part of the Android SDK that handles communication between devices and also allows developers to run and debug apps on Android devices.

VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities

This blog post examines the recently notorious VPNFilter malware and whether deployed devices are vulnerable to it. VPNFilter is a newly discovered, multi-stage malware (detected by Trend Micro as ELF_VPNFILT.A, ELF_VPNFILT.B, ELF_VPNFILT.C, and ELF_VPNFILT.D) that affects many models of connected devices. Based on our data from June 1 to July 12, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities, taken advantage of not only by VPNFilter but by other malware as well, can still be detected in devices to this day.

Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware

Even before the term IoT was coined, we had the routers at the gateway, most of the time publicly exposed on the internet. In the context of the IoT, the router is perhaps the most important device for the whole infrastructure. All traffic goes through it and it allows for the provision of many services, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), content filtering, firewalls, and Voice over Internet Protocol (VoIP), to all connected devices, including computers, smartphones, and IP cameras. If an attacker is able to compromise the router, every device connected to it can be affected. And that’s what a hacking group in Brazil just did.
