Did Brazil’s DSL Modem Attacks Change Equipment Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against weak DSL modems. By remotely reconfiguring the modems, attackers could redirect users to malicious Domain Name System (DNS) servers. Victims who tried to visit popular websites (Google, Facebook) were directed to spoofed sites instead. These rogue sites installed malware on victims’ computers.

According to a report by Kaspersky Lab expert Fabio Assolini, which cites data from Brazil’s Computer Emergency Response Team, the attack ultimately infected more than 4.5 million DSL modems.

The Brazil incident made clear that security experts can no longer ignore firmware vulnerabilities. With the frequency of firmware attacks continuing to increase, it is clear that greater security must be a priority. But has device security improved meaningfully over the past decade?

What Was The Brazil DSL Modem Hack?

According to Assolini, the initial vulnerability appears to have been in a chipset driver inside the modem. Chipset drivers enable proper communication with the device motherboard. This vulnerability allowed attackers to launch a Cross-Site Request Forgery (CSRF) attack.

Using a simple script, the attackers exploited the CSRF flaw to steal passwords and log in to control devices remotely. They then configured the hijacked modems to use malicious DNS servers. Anyone using a compromised modem was redirected to fake websites imitating legitimate sites. Once visitors landed on them, the fake sites lured them into downloading banking fraud malware.

This single firmware vulnerability compromised modems from six hardware manufacturers, with the attackers using 40 malicious DNS servers. The attack eventually reached the network devices of millions of personal and business users.

How secure is firmware today?

Since the Brazil DSL modem attack incident, has hardware device security improved? Probably not.

The NIST National Vulnerability Database shows a 500% increase in firmware attacks from 2018 to 2021. Meanwhile, a Microsoft report revealed that more than 80% of enterprises experienced at least one firmware attack during the same time period. The Microsoft report also revealed that only 29% of security budgets are allocated to firmware security.

Then there is Dell’s BIOS Security – The Next Frontier for Endpoint Protection report, conducted by Forrester. It surveyed over 300 employees to examine the severity of hardware-level security issues. Nearly two-thirds of organizations surveyed said they face a moderate to high level of threat from their hardware supply chain. Only 59% of study participants said they implemented adequate security strategies.

Big IoT Threat

When it comes to cyber incidents, we often think of software vulnerabilities or phishing attacks. The Brazil DSL modem incident started with a driver vulnerability. But in the most fundamental sense, drivers are also software. A hardware attack can target the firmware or any other software installed on the device. Perhaps the best approach is to evaluate the state of any device out of the box.

One of the biggest sources of hardware-related vulnerabilities is the Internet of Things (IoT). Internet-connected devices often come with default credentials like “admin” and “password”. Because many device manufacturers do not require users to set a new, unique username and password, these devices keep default credentials that are easy to hack.

Even after the default is changed, there are other ways to break into IoT devices. SSH and Telnet communication services let hackers force their way into devices. This is because changing the password in the device’s web app does not always change the password coded into the device itself. What’s more, users cannot change passwords that are hardcoded in the firmware. The web interface may not even be aware that these credentials exist.

In 2016, this is exactly how attackers took down Dyn, a company that manages web traffic for major brands such as Twitter, Spotify, Netflix, Reddit, Etsy, and GitHub. Bad actors used Mirai malware to commandeer at least 100,000 devices (webcams, DVRs, etc.) as zombies in order to launch a massive DDoS attack against Dyn.

Today, IoT has entered almost every field. Attacks can occur on cardiac devices, webcams, baby monitors, cars and even F-15 fighter jets. CISA also recently issued advisory alerts about vulnerabilities in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) equipment. Given the magnitude of the risks, it is clear that hardware and device security cannot be ignored.

Start With Zero Trust

The enterprise perimeter can no longer be the security gatekeeper. The ubiquity of remote working and connected devices creates even more vulnerabilities. Perhaps the fastest and most comprehensive way to secure your IT ecosystem is a zero trust approach. In zero trust, each workload (app, user, software, device or any other computing component) benefits from a local security scheme to enforce security policies.

Zero trust means that access is denied by default. Users and devices are continuously validated and monitored. And access is granted based on least privilege and Identity Access Management (IAM) principles. Most of these are backed by contextual analysis through artificial intelligence for actionable insights.

Hardware bill of material and patching

For hardware security, experts also recommend a Hardware Bill of Material (HBOM) and patching strategies.

Setting up an HBOM begins with listing all the hardware and devices connected to your network. From there, you track and document hardware security vulnerabilities. Protection begins with understanding which silicon versions are vulnerable and which products use the affected chips. This enables a business risk assessment that guides patching and security update protocols.

Since you cannot patch all devices at once, proper triage is essential. For example, what vulnerabilities are closest to mission-critical systems? Remember, devices can be added at any time. That’s why it’s important to maintain an up-to-date network device inventory. Automated hardware inventory management programs can be of great help here.
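
The inventory and triage steps above can be sketched as follows. This is an added example, not code from the article or from any inventory product; the device records, chipset names, advisory ID and approved-resolver list are all constructed placeholders. It also flags unapproved DNS settings, the change attackers made to the Brazilian modems.

```python
from dataclasses import dataclass

@dataclass
class Device:
    name: str
    vendor: str
    chipset: str            # silicon model and revision, as recorded in the HBOM
    firmware: str
    hops_to_critical: int   # network distance to the nearest mission-critical system
    dns_servers: tuple = ()

# Constructed sample data: every name, chipset, advisory ID and address is made up.
APPROVED_DNS = {"192.0.2.53", "192.0.2.54"}
VULNERABLE_CHIPSETS = {"ExampleChip-A1": "ADVISORY-PLACEHOLDER-1"}  # chipset -> advisory

HBOM = [
    Device("branch-modem-01", "VendorA", "ExampleChip-A1", "1.0.3", 3, ("198.51.100.7",)),
    Device("hq-modem-01", "VendorB", "ExampleChip-A1", "2.1.0", 1, ("192.0.2.53",)),
    Device("lab-camera-07", "VendorC", "ExampleChip-B2", "4.4", 4, ("192.0.2.54",)),
    Device("plant-gateway", "VendorA", "ExampleChip-B2", "3.2", 0, ("203.0.113.9",)),
]

def findings(dev):
    """List the documented issues that apply to one inventory record."""
    out = []
    if dev.chipset in VULNERABLE_CHIPSETS:
        out.append(f"vulnerable chipset {dev.chipset} ({VULNERABLE_CHIPSETS[dev.chipset]})")
    rogue = sorted(set(dev.dns_servers) - APPROVED_DNS)
    if rogue:
        out.append("unapproved DNS: " + ", ".join(rogue))
    return out

def triage(hbom):
    """Return (device, findings) for affected devices, most urgent first."""
    affected = [(d, findings(d)) for d in hbom]
    affected = [(d, f) for d, f in affected if f]
    # Closest to mission-critical systems first; more findings break ties.
    return sorted(affected, key=lambda p: (p[0].hops_to_critical, -len(p[1]), p[0].name))

def products_using(chipset, hbom):
    """Which products in the inventory contain a given silicon version."""
    return sorted({(d.vendor, d.name) for d in hbom if d.chipset == chipset})

if __name__ == "__main__":
    for dev, issues in triage(HBOM):
        print(f"{dev.name:16} hops={dev.hops_to_critical}  " + "; ".join(issues))
```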

Continued Collaborative Effort Is the Key

While a company’s security measures are important, the efforts of equipment manufacturers are also part of the solution. In his report on the Brazilian DSL modem attack, Assolini criticized manufacturers and regulators for not paying attention to hardware security.

That’s starting to change. The White House recently released its plans for improving IoT security. The idea is to bring together companies, associations and government partners to discuss the development of a label for IoT devices. The labels will identify which devices meet the highest cyber security standards.

Incidentally, the US government also recognizes the value of zero trust. A recent presidential memorandum outlined a requirement for agencies to meet specific zero trust cyber security standards and objectives by the end of fiscal year 2024.

The Brazil DSL modem attacks were a reminder that neglecting firmware security can have disastrous consequences. Hopefully, industry and government efforts, along with intelligent security strategies, will improve hardware security for all.
