CallStranger vulnerability lets attacks bypass security systems, scan LANs and launch DDoS attacks
June 2020 by Ilia Kolochenko, Founder & CEO of ImmuniWeb
A severe vulnerability, named CallStranger which resides in a core protocol found in almost all internet of things (IoT) devices, is allowing attackers to hijack smart devices for distributed denial of service (DDoS) attacks. It is also being used for attacks that bypass security solutions to reach and conduct scans on a victim’s internal network — effectively granting attackers access to areas where they normally wouldn’t be able to reach.
More on that story here: https://www.zdnet.com/article/calls...
Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb , Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU), comments :
“Modern enterprises are characterized by a skyrocketing complexity of their IT infrastructure that may be dispersed across a hundred of countries and maintained by thousands of third parties. On one side, this makes organizations extremely vulnerable and susceptible to cyber-attacks such as ransomware, which exploit shadow IT devices, unprotected cloud and abandoned servers as an entry point into their victim’s premises. On the other side, however, this convoluted intricacy makes global attack virtually impossible, as some disjoint parts of the central system will continue working in isolation. It is nonetheless perfectly possible to identify the “heart and the brain” of the system and target it directly with disastrous consequences.
We will likely see professional cyber mercenaries being hired not just for data theft campaigns but for highly destructive and damage-creation hacking campaigns. Amid the political and economic crisis of the unprecedented scale, many unscrupulous organizations and state actors won’t hesitate to crush their rivals by paralyzing their computerized factories, supply management chains and sales points. Given how interconnected our IT infrastructure has become, thanks to the rapid proliferation of IoT devices and connected objects, one wisely prepared attack could swiftly shut down a global company for several weeks or even months. Visibility, inventory and continuous monitoring of your digital assets and data is the key to avoid falling victim to the sophisticated attacks.”