What is a Router Botnet? Find Out Today!

Ordinarily, one of the best ways to protect your organization’s infrastructure is to apply any and all patches for the software you use as soon as possible after they’ve been released. However, patches don’t help against threats that haven’t been discovered when those patches are released. The recent spread of the BCMUPnP_Hunter botnet shows that it’s not enough for people to keep patching their systems.

Threat Background
This botnet was initially discovered in September. Since then, it has infected devices to support a huge spam email campaign. BCMUPnP_Hunter is able to zero in on victims thanks to its ability to scan for potential targets, like routers with the Broadcom Universal Plug and Play (UPnP) feature enabled. The system can then be taken over by the hacker.

It is assumed that the network created by BCMUPnP_Hunter was built to send out spam emails. The threat creates a proxy that communicates with email servers, allowing attackers to use botnets to generate profit through fraudulent clicks. What’s more, the malware seems to have been created by someone who has a considerable amount of skill. To make things worse, BCMUPnP_Hunter also appears to scan from over 100,000 sources, making this botnet quite large.

How Does This Prove That Patches Aren’t Working?
In order for BCMUPnP_Hunter to work as intended, it must target devices that have Broadcom UPnP enabled to take advantage of a vulnerability. The thing is that this vulnerability has been patched since 2013, when it was first discovered, meaning that most manufacturers have issued a patch since then. Therefore, the majority of devices being used by this threat are those that haven’t been patched for some reason or another.

The Lesson Learned
A simple lesson can be learned here. It goes to show that any equipment on your infrastructure that’s not maintained could be putting your business at risk. This includes making sure that you implement patches and security updates as soon as they are released. Of course, they aren’t always broadcast to the public–after all, who would want to admit that the product they have created is vulnerable to attack, and that the vulnerability is being exploited? As a business owner, it’s your responsibility to keep up with the latest threats.

Granted, not all business owners have the time or luxury to focus on something like this. For those who want to minimize the threat posed by vulnerabilities, give the IT professionals at NuTech Services a call at 810.230.9455.

Where Hackers Go to Shop for Malware

You might recall how the Silk Road, an illegal online drug market, was recently shut down. Similar to the Silk Road, there’s another distributor of sensitive information out there, this one dealing in zero-day vulnerabilities. These types of cyber threats sell for top dollar, and hackers are willing to pay in order to access your network.

As reported by WIRED magazine, this new marketplace calls itself TheRealDeal Market. Thanks to the anonymity of the Darknet, TheRealDeal Market is capable of using software like Tor to cover its tracks, and Bitcoin to keep transactions anonymous. WIRED goes into detail about the niche which differentiates TheRealDeal from other vulnerability markets: high-quality code, stolen credentials, and hacking tools that are exceptionally difficult to get a hold of. This essentially makes TheRealDeal a high-end code market that provides a “reliable” mode of acquisition for cybercriminals.

Of course, there’s no telling whether any of these supposed exploits being sold are “the real deal.” According to WIRED:

Any of the listings could instead be attempts to scam gullible buyers. The $17,000 iCloud vulnerability in particular, which claims to offer access to virtually all of a user’s sensitive mobile data including emails and photos, seems like an unusually good bargain. For comparison, zero-day salesmen told me in 2012 that a working iOS exploit could sell for as much as $250,000. The next year The New York Times reported that one had sold to a government for a half million dollars.

In other words, it might really be too good to be true for some hackers, and the site might even be trying to pull them into a hoax (scamming the scammers). Despite this, TheRealDeal apparently has some sort of fraud protection service, though it’s unclear how it operates. Plus, TheRealDeal is surprisingly sophisticated, especially considering the plethora of other illicit activities that the market is known for, including the selling of contraband, illegal substances, and stolen identities.

The level of professionalism seen here is disturbing, but if nothing else, it shows that hackers are both organized and resourceful. Unfortunately, by strategically offering rare code to well-funded hackers, TheRealDeal is making malicious code more readily available to the rest of the world, which means that hacking attacks will grow more common in the near future.

Thankfully, you don’t have to worry if your business is prepared for the worst. By taking advantage of comprehensive security features, like those offered with NuTech Services’s UTM (Unified Threat Management) solution, your business can reap the benefits of enterprise-level security measures. To fortify your business’s network from the latest threats and security vulnerabilities, give us a call at PHONENUMER today.