Headline
Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. Close to 50% of the attacks
Researchers are warning about a spike in exploitation attempts weaponizing a critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022.
According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months.
Close to 50% of the attacks originated from the U.S. (48.3%), followed by Vietnam (17.8%), Russia (14.6%), The Netherlands (7.4%), France (6.4%), Germany (2.3%0, and Luxembourg (1.6%).
What’s more, 95% of the attacks leveraging the security shortcoming that emanated from Russia singled out organizations in Australia.
“Many of the attacks we observed tried to deliver malware to infect vulnerable IoT devices,” Unit 42 researchers said in a report, adding “threat groups are using this vulnerability to carry out large-scale attacks on smart devices around the world.”
The vulnerability in question is CVE-2021-35394 (CVSS score: 9.8), a set of buffer overflows and an arbitrary command injection bug that could be weaponized to execute arbitrary code with the highest level of privilege and take over affected appliances.
The issues were disclosed by ONEKEY (previously IoT Inspector) in August 2021. The vulnerability impacts a wide range of devices from D-Link, LG, Belkin, Belkin, ASUS, and NETGEAR.
Unit 42 said it discovered three different kinds of payloads distributed as a result of in-the-wild exploitation of the flaw -
- A script executes a shell command on the targeted server to download additional malware
- An injected command that writes a binary payload to a file and executes it, and
- An injected command that directly reboots the targeted server to cause a denial-of-service (DoS) condition
Also delivered through the abuse of CVE-2021-35394 are known botnets like Mirai, Gafgyt, and Mozi, as well as a new Golang-based distributed denial-of-service (DDoS) botnet dubbed RedGoBot.
First observed in September 2022, the RedGoBot campaign involves dropping a shell script that’s designed to download a number of botnet clients tailored to different CPU architectures. The malware, once launched, is equipped to run operating system commands and mount DDoS attacks.
The findings once again underscore the importance of updating software in a timely fashion to avoid exposure to potential threats.
“The surge of attacks leveraging CVE-2021-35394 shows that threat actors are very interested in supply chain vulnerabilities, which can be difficult for the average user to identify and remediate,” the researchers concluded. “These issues can make it difficult for the affected user to identify the specific downstream products that are being exploited.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a critical
By Deeba Ahmed This is a critical vulnerability affecting almost 190 models of devices from 66 different manufacturers. This is a post from HackRead.com Read the original post: Critical Realtek Vulnerability Impacting IoT Devices Worldwide