
300,000 MikroTik Devices Found Vulnerable


Researchers have found roughly 300,000 IP addresses belonging to MikroTik routers that are still exposed to several remotely exploitable security flaws. Compromised devices of this kind have already been used for DDoS attacks and for spreading malware.

MikroTik has released fixes for these bugs, but because the company is a widely used supplier of routers and other wireless ISP equipment, many devices remain unpatched and are still exposed to the four flaws listed below. Users should follow the manufacturer's upgrade instructions: the remote code execution bugs among them can lead to complete device takeover, and that remains a very real possibility.

MikroTik is a Latvian company that has shipped more than 2 million devices worldwide; China, Brazil and Italy have the largest numbers of affected devices. The popularity and capabilities of these devices are exactly what make them attractive to attackers and criminals.

The researchers noted: 'This has made MikroTik devices a favorite among threat actors who have commandeered the devices for everything from DDoS attacks to command-and-control (aka 'C2'), traffic tunneling, and more.' 

Because so many of these devices are deployed and each one offers useful leverage, attackers see them as a lucrative target and a significant attack surface. Threat actors exploit these weaknesses to gain access to networks and deploy malware. Earlier this year, a botnet was built from routers compromised through a flaw in RouterOS.

The Meris botnet launched a denial-of-service attack on Yandex, a Russian internet company, by abusing a known MikroTik vulnerability. The devices it used had been compromised through serious security flaws dating from 2018 and 2019 that were never adequately remediated.

The vulnerabilities covered by the new research are:
  • CVE-2019-3977 – CVSS score 7.5 (high). Insufficient validation of upgrade packages in RouterOS allows an attacker to reset all usernames and passwords.
  • CVE-2019-3978 – CVSS score 7.5 (high). Insufficient protection of a critical resource, leading to cache poisoning.
  • CVE-2018-7445 – CVSS score 9.8 (critical). Buffer overflow in the SMB service.
  • CVE-2018-14847 – CVSS score 9.1 (critical). Directory traversal vulnerability in the WinBox interface.
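As a concrete check against the list above, here is an added example (my own code, not part of the original post and not a MikroTik or Eclypsium tool) that parses RouterOS version strings and reports which of the four CVEs a given firmware version is still exposed to. The fixed-version thresholds are those published in the vendor and researcher advisories as I recall them, and the device names and versions in the sample inventory are constructed; confirm the thresholds against MikroTik's release notes before relying on the output.

```python
import re
from typing import Dict, List, Optional, Tuple

# A parsed RouterOS version: (major, minor, patch, is_final, prerelease_no).
# A pre-release such as 6.42rc27 becomes (6, 42, 0, 0, 27) and sorts below
# the final 6.42 release, which becomes (6, 42, 0, 1, 0).
Version = Tuple[int, int, int, int, int]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:(rc|beta)(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse strings like '6.40.5', '6.42', '6.42rc27' or '7.1.1'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch, pre_tag, pre_no = m.groups()
    is_final = 0 if pre_tag else 1
    return (int(major), int(minor), int(patch or 0), is_final, int(pre_no or 0))


# Versions in which each CVE is fixed. Every entry is a half-open range
# [first_fixed, next_branch): MikroTik shipped fixes on both a long-term and a
# stable branch, so e.g. 6.44.6 is fixed while 6.45.0 to 6.45.6 are not.
# Assumption: these thresholds follow the vendor/researcher advisories as I
# recall them; verify them against MikroTik's release notes.
FIXED_RANGES: Dict[str, List[Tuple[str, Optional[str]]]] = {
    "CVE-2018-14847": [("6.40.8", "6.41rc0"), ("6.42.1", None)],
    "CVE-2018-7445": [("6.41.3", "6.42rc0"), ("6.42rc27", None)],
    "CVE-2019-3977": [("6.44.6", "6.45rc0"), ("6.45.7", None)],
    "CVE-2019-3978": [("6.44.6", "6.45rc0"), ("6.45.7", None)],
}


def is_fixed(version: Version, ranges: List[Tuple[str, Optional[str]]]) -> bool:
    """True if `version` falls inside any of the fixed ranges."""
    for first_fixed, next_branch in ranges:
        if version < parse_version(first_fixed):
            continue
        if next_branch is None or version < parse_version(next_branch):
            return True
    return False


def exposure(version_text: str) -> List[str]:
    """CVE IDs from the table that a device on this version is still exposed to."""
    v = parse_version(version_text)
    return [cve for cve, ranges in FIXED_RANGES.items() if not is_fixed(v, ranges)]


def report(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each device name to its outstanding CVEs. An unparsable version is
    reported as exposed to everything, because an unknown version must not be
    assumed safe."""
    result: Dict[str, List[str]] = {}
    for name, version_text in inventory.items():
        try:
            result[name] = exposure(version_text)
        except ValueError:
            result[name] = list(FIXED_RANGES)
    return result


# Constructed sample inventory (hypothetical device names and versions), as it
# might be exported from a monitoring system that runs '/system resource print'.
SAMPLE_INVENTORY = {
    "edge-br-01": "6.40.5",
    "edge-cn-07": "6.42",
    "core-it-02": "6.44.6",
    "lab-rc": "6.42rc26",
    "new-7x": "7.1.1",
    "broken-entry": "unknown",
}

if __name__ == "__main__":
    for name, cves in report(SAMPLE_INVENTORY).items():
        status = "OK" if not cves else "UPGRADE: " + ", ".join(cves)
        print(f"{name:14} {SAMPLE_INVENTORY[name]:10} {status}")
```

The ranges are half-open on purpose: a long-term release such as 6.44.6 carries the fix while the next stable branch only picks it up at 6.45.7, so a plain "version >= fixed" comparison would mark 6.45.3 as safe when it is not. Pre-releases are ordered below their final release for the same reason, so 6.42rc26 is still flagged for the SMB overflow while 6.42rc27 is not.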

Researchers found at least 20,000 compromised devices that were injecting cryptocurrency-mining scripts into the web pages users browsed, a demonstration of how exploited routers can be used for code injection and traffic tunneling. A compromised router's ability to insert content into, tunnel, copy or reroute traffic can be abused in many highly damaging ways.

DNS cache poisoning, for example, can redirect a victim to a malicious site or place the attacker in a man-in-the-middle position. From there, attackers can use a variety of tools and tactics to achieve their objectives: sensitive data can be intercepted, corporate traffic can be tunneled to another location, and malicious content can be inserted into the tunnel.

MikroTik devices are far from the only ones that are vulnerable and exploitable; all network devices must be updated and patched regularly.

Nation-States Are Using Cybercrime Groups to Carry Out Attacks, Says BlackBerry 2021 Threat Report


Nation-states are employing cybercriminals to carry out attacks on their behalf in order to conceal their own involvement. A report by BlackBerry researchers indicates that the advent of sophisticated crimeware-as-a-service schemes means nations can increasingly cooperate with organizations that will conduct attacks for them.

Researchers at BlackBerry stated that nation-state hacking groups no longer have to do their own work: they can recruit criminal groups to breach targets, with the added advantage, analysts say, that it becomes very difficult to trace the attack back to them.

These criminal groups provide services such as phishing, ransomware and network intrusion, and are paid for their work while the information or access they obtain is handed to the nation-state that commissioned the operation. Since the criminals use their own tools and tactics to carry out the attack, it is hard to link the operation to the state that requested it.

"The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation-states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability," warns the BlackBerry 2021 Threat Report.

Researchers point to the growth of sophisticated criminal campaigns such as Bahamut, a large hack-for-hire operation that BlackBerry first described last year. Bahamut used phishing, social engineering, malicious applications, modified malware and zero-day exploits, and had been operating for several years before it was discovered.

Researchers note that Bahamut works for multiple customers and takes on whichever jobs pay best, and nation-states have the deepest pockets when it comes to funding campaigns. The profiles and geographic spread of its victims are too diverse to match the interests of any single actor.

"Threat actor identification can be challenging for threat researchers due to several factors, such as overlapping infrastructure, disparate targeting, and unusual tactics. This is especially true when only part of a campaign is outsourced," said the report. 

Although networks can be hard to defend against targeted attacks, organizations can apply basic security practices that help keep intruders out, such as restricting remote access to those who genuinely need it and continuously monitoring the network for unauthorized or suspicious behavior.