A newly disclosed set of DNS vulnerabilities, NAME:WRECK, affects organizations in nearly every industry, including hundreds of Internet of Things devices in government, business, healthcare, manufacturing and retail, according to Forescout Research Labs, which disclosed it together with JSOF.

The vulnerabilities exist in four widely used TCP/IP stacks: FreeBSD, IPnet, Nucleus NET and NetX. FreeBSD runs on high-performance servers across millions of IT networks, including core nodes of web giants such as Netflix and Yahoo, while Siemens' Nucleus NET has shipped in critical OT and IoT devices for decades. To fully mitigate NAME:WRECK, every device running an affected stack needs the vendor's latest patch. Because embedded devices often cannot be patched promptly, or at all, the disclosing researchers also recommend inventorying affected devices, segmenting them from the rest of the network, configuring them to use internal DNS servers, and monitoring for malformed DNS and DHCP traffic.

Attack scenario for the DNS vulnerability

An attacker first gains a foothold in the enterprise network by compromising an internet-exposed device that sends DNS requests to an external server (step 1 in the figure below), for example by weaponizing one of the remote code execution (RCE) vulnerabilities in Nucleus NET.

(Figure: attack scenario, steps 1 to 3)

To exploit the DNS-based vulnerabilities, an attacker must answer the device's legitimate DNS requests with crafted responses. That requires either a man-in-the-middle position on the request and reply path or control of a DNS server the device queries. For example, a resolver or forwarder sitting between the target device and the upstream DNS server that is vulnerable to DNSpooq or a similar cache-poisoning flaw can be used to inject a malicious response carrying the weaponized payload. The underlying defects are in how the affected stacks parse DNS message compression (the label pointers defined in RFC 1035), so a single malformed reply is enough to trigger memory corruption; no credentials or prior access to the device are needed.

With that foothold, the attacker can run a rogue DHCP server on the compromised device and move laterally by executing code on vulnerable internal FreeBSD hosts that broadcast DHCP requests (step 2). FreeBSD's affected component is its DHCP client, which parses domain names carried in DHCP options using the same compression scheme as DNS.

Finally, the attacker can use the compromised internal servers to persist on the target network, or exfiltrate data through the internet-exposed IoT devices (step 3).
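The parsing step abused in steps 1 and 2, as an added example that is not code from the original article or from any of the affected vendors: the NAME:WRECK defects lie in how these stacks decode DNS-style compressed names, the encoding used both by the DNS responses in step 1 and by the domain-search option that the FreeBSD DHCP client parses in step 2. The C below is a conservative decoder in which each check corresponds to a failure mode a crafted packet can trigger: reading past the end of the message, a label that claims more bytes than remain, a compression pointer that references itself or points forward, an unbounded pointer chase, and an output buffer overrun. The DNS response and the malformed names are constructed for this example, and MAX_HOPS is this example's own cap rather than a value from any standard.

```c
/*
 * Added example (not from the original article or any affected vendor):
 * a bounds-checked decoder for DNS-style compressed names, RFC 1035 4.1.4.
 * The DHCP domain-search option (RFC 3397) that FreeBSD's dhclient parses
 * uses the same encoding, so one decoder covers both attack steps.
 * All messages below are constructed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABEL     63   /* RFC 1035: one label is at most 63 octets            */
#define MAX_NAME_TEXT 253  /* longest dotted text of a 255-octet wire-format name */
#define MAX_HOPS      16   /* pointer chases allowed per name: this example's cap */

/*
 * Decode the name at byte offset `off` of `msg` (length `len`) into `out` as
 * dotted text.  Returns the offset of the first byte after the name in the
 * original stream (after the first pointer, if any), or -1 if the encoding is
 * malformed in any way.  Nothing is ever read outside msg[0..len).
 */
int decode_name(const uint8_t *msg, size_t len, size_t off,
                char *out, size_t outcap)
{
    size_t pos = off, outlen = 0, hops = 0;
    int end = -1;                           /* fixed at the first pointer or root */

    if (outcap == 0) return -1;
    for (;;) {
        if (pos >= len) return -1;          /* name runs off the end of the message */
        uint8_t c = msg[pos];

        if ((c & 0xC0) == 0xC0) {           /* 11xxxxxx: compression pointer */
            if (pos + 1 >= len) return -1;  /* second pointer byte is missing */
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (end < 0) end = (int)(pos + 2);
            /* Pointers may only reference earlier bytes; that alone rules out
             * self-references and cycles.  The hop cap is defence in depth. */
            if (target >= pos) return -1;
            if (++hops > MAX_HOPS) return -1;
            pos = target;
            continue;
        }
        if (c & 0xC0) return -1;            /* 01/10 prefixes are reserved */
        if (c == 0) {                       /* root label terminates the name */
            if (end < 0) end = (int)(pos + 1);
            break;
        }
        if (c > MAX_LABEL) return -1;
        if (pos + 1 + c > len) return -1;   /* label claims more bytes than remain */
        /* room for the separating dot, the label and the trailing NUL? */
        size_t need = outlen + (outlen ? 1 : 0) + c;
        if (need > MAX_NAME_TEXT || need + 1 > outcap) return -1;
        if (outlen) out[outlen++] = '.';
        memcpy(out + outlen, msg + pos + 1, c);
        outlen += c;
        pos += 1 + c;
    }
    out[outlen] = '\0';
    return end;
}

/* Decode and compare with the expected text: end offset on a match, -1 on a
 * malformed name or a mismatch. */
int decode_and_compare(const uint8_t *msg, size_t len, size_t off, const char *want)
{
    char name[256];
    int end = decode_name(msg, len, off, name, sizeof name);
    return (end >= 0 && strcmp(name, want) == 0) ? end : -1;
}

/* Constructed A-record response: the answer NAME is a pointer (0xC00C) back to
 * the question name at offset 12, exactly as real resolvers emit it. */
const uint8_t sample_response[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01,                         /* QTYPE A, QCLASS IN */
    0xC0, 0x0C,                                     /* NAME -> offset 12  */
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0E, 0x10, /* A, IN, TTL 3600    */
    0x00, 0x04, 93, 184, 216, 34                    /* RDLENGTH 4, RDATA  */
};
/* Constructed malformed names of the kind a crafted reply would carry. */
const uint8_t self_loop[]     = { 0xC0, 0x00 };               /* points at itself   */
const uint8_t forward_ptr[]   = { 0xC0, 0x03, 0, 1, 'a', 0 }; /* points ahead       */
const uint8_t label_overrun[] = { 5, 'a', 'b', 0 };           /* length > remaining */
const uint8_t no_terminator[] = { 1, 'a' };                   /* never reaches root */

int main(void)
{
    char name[256];
    int next = decode_name(sample_response, sizeof sample_response, 12, name, sizeof name);
    printf("question: %s (next offset %d)\n", name, next);
    next = decode_name(sample_response, sizeof sample_response, 33, name, sizeof name);
    printf("answer:   %s (next offset %d)\n", name, next);
    printf("self-loop %d, forward pointer %d, label overrun %d, no terminator %d\n",
           decode_name(self_loop, sizeof self_loop, 0, name, sizeof name),
           decode_name(forward_ptr, sizeof forward_ptr, 0, name, sizeof name),
           decode_name(label_overrun, sizeof label_overrun, 0, name, sizeof name),
           decode_name(no_terminator, sizeof no_terminator, 0, name, sizeof name));
    return 0;
}
```

Compile with `cc -std=c99 -Wall` and run: the constructed response decodes to www.example.com from both the question and the pointer-compressed answer name, while every malformed input returns -1 before a single byte outside the message is touched. The backward-only rule for pointers is stricter than what some resolvers accept, but it is the simplest way to make pointer chasing provably terminate, and a stack that omits it, or the length check on labels, is exactly the kind of code the attacker's crafted reply is aimed at.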

What can an attacker do with these DNS vulnerabilities?

Attackers can exploit these high-severity DNS vulnerabilities to:

· Compromise government or corporate servers and access sensitive data (such as financial records, intellectual property, or employee and customer information)

· Access medical devices to obtain healthcare data, or take them offline and disrupt medical services, endangering hospital operations and patient safety

· Access factory and industrial control networks and tamper with production lines to disrupt production

· Turn off lighting connected to a building automation controller, disrupting retail operations

Attackers could also interfere with essential building functions of residential and commercial spaces, including large hotel chains, compromising the safety of occupants. This may include:

· Tampering with heating, ventilation and air conditioning systems

· Disabling critical safety and security systems such as alarms and door locks

· Turning off automated lighting systems

Security experts warn that unless urgent action is taken to protect networks and internet-connected devices, it is only a matter of time before in-the-wild exploitation of NAME:WRECK leads to major government data being stolen and leaked, manufacturing operations disrupted, or service-industry customers compromised.

Wukong static code analysis tool: an escort for your software security. Hotline: 400-636-0101.

Software security: the last line of defense in network security

Zhongke Tianqi is a high-tech enterprise formed under the strong impetus of the Institute of Computing Technology, Chinese Academy of Sciences, and built on the institute's internationally leading independent research result, the Software Code Vulnerability Detection and Repair Platform (Wukong).

Keywords: DNS vulnerability, Internet of Things security, malicious code detection, software static testing, code vulnerability detection

The original link: www.woocoom.com/b021.html?i…