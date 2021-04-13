Infosecurity Group Websites
Latest
News

Name:Wreck Bugs Could Impact 100M IoT Devices

Security experts have discovered a new set of DNS vulnerabilities which could impact over 100 million IoT devices used by consumers and enterprises.

Forescout teamed up with Israeli consultancy JSOF to uncover nine vulnerabilities they have labelled Name:Wreck.

They affect popular IT software FreeBSD and IoT/OT firmware IPnet, Nucleus NET and NetX. Forescout claimed that, although not all devices running the software are vulnerable, even if just 1% were, that could impact as many as 100 million globally.

In the UK alone it is estimated that around 36,000 could be affected.

The bugs themselves enable either remote code execution or denial of service, with sectors including government, enterprise, healthcare, manufacturing and retail at risk.

Plausible but hypothetical scenarios include attackers exploiting the flaws to extort payments from victim organizations by sabotaging critical functions in manufacturing plants, hospitals, hotels and retail facilities.

Threat actors could also monetize attacks by using exploits to access enterprise and government networks, with an eye on data theft.

The report urged organizations running vulnerable devices to limit their network exposure via segmentation, and to rely more on internal DNS servers.

It also recommended patching, although this can be a challenge for IoT/OT devices running on mission critical systems that can’t be taken offline, or which rely on legacy applications.

Forescout Research Labs research manager, Daniel dos Santos, warned that the Name:Wreck bugs have the potential to cause significant and widespread disruption.

“Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or [compromise of] hotel guest safety and security,” he added.

Patches are now available for FreeBSD, Nucleus NET, and NetX.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
Blog

The Story of the EC-Council Gender Survey Scandal: Survey Creator Says "It Was Written by Women so it Can't be Sexist"

2
News

Over 90% of Organizations Hit by a Mobile Malware Attack in 2020

3
News

Man Arrested After Failed AWS Bomb Plot

4
News

Hackers Hacked as Underground Carding Site is Breached

5
News

Iran Nuclear Facility Suffers Cyber-Attack

6
News

Food Shortages at Dutch Supermarkets After Ransomware Outage

1
News

Fitch Partners with SecurityScorecard to Help Investors Assess Businesses’ Cyber-Risk

2
Opinion

Promoting a Cultural Shift for Cybersecurity

3
News

McAfee: COVID-19 Themed Attacks Continue to Surge

4
News

Destructive Attacks Surged in 2020 for Financial Institutions

5
News

Name:Wreck Bugs Could Impact 100M IoT Devices

6
Interview

#IdentityManagementDay Interview: Julie Smith, Executive Director, IDSA

1
Webinar

Endpoint Strategies: Balancing Productivity and Security

2
Webinar

Zero Trust in 2021: How to Seamlessly Protect Your Remote and In-Office Users

3
Webinar

Security Certification: Gain Competitive Advantage as the Low Risk Option

4
Webinar

Using 2020's Vulnerability Trends to Spearhead Your 2021 Security Posture

5
Webinar

Data Classification: The Foundation of Effective Cybersecurity

6
Webinar

Building a Privileged Access Management Strategy for the Post-COVID World

1
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - EMEA 2021

2
Webinar

Security Mythbusting: Dismantling the Top Five API Myths

3
Online Summit

[On-Demand] Infosecurity Magazine Spring Online Summit - North America 2021

4
News Feature

Census 2021: How Safe Will Our Data Be Over the Next 100 Years?

5
Opinion

How Behavioral Biometrics is Combating Credential Stuffing Attacks

6
Webinar

Securing the #COVID19 Vaccine & Supply Chain