
Hundreds of thousands of insecure machine-to-machine deployments put global organizations at risk

 

In just four months, Trend Micro researchers identified over 200 million MQTT (Message Queuing Telemetry Transport) messages and over 19 million CoAP (Constrained Application Protocol) messages leaked by exposed brokers and servers. Using simple keyword searches, malicious attackers could locate this leaked production data and identify profitable asset, personnel, and technology information that could be used for targeted attacks.
 
The research shows how attackers can remotely control IoT endpoints or perform a denial-of-service attack by taking advantage of security issues in the design, implementation and deployment of devices that use these protocols. Furthermore, by abusing specific functionality in the protocols, hackers could maintain persistent access to a target while moving laterally through the network.
 
According to the study, these protocols were not designed with security in mind, and yet they are found in an increasing variety of mission-critical environments and use cases, posing a major cybersecurity risk. Hackers, even with modest resources, can exploit these flaws and vulnerabilities to perform reconnaissance, lateral movement, covert data theft, and denial-of-service attacks.
 
The research also identified several vulnerabilities, which were disclosed through Trend Micro's Zero Day Initiative (ZDI): CVE-2017-7653, CVE-2018-11615, and CVE-2018-17614. As an example of the impact these vulnerabilities could have, CVE-2018-17614 is an out-of-bounds operation that could allow an attacker to run arbitrary code on vulnerable devices that implement an MQTT client. While no new CoAP vulnerabilities were found, the report stresses that CoAP is based on the User Datagram Protocol (UDP), a connectionless transport with no handshake, and follows a request-response scheme in which a small request can trigger a larger response, making it a good fit for amplification attacks.
 
To mitigate the risks highlighted in the report, Trend Micro recommends that companies:
 
– Implement appropriate policies to remove unnecessary M2M services;
 
– Run periodic scans using internet-wide scanning services to ensure sensitive data does not leak through public IoT services;
 
– Implement a vulnerability management workflow or other means to secure the supply chain;
 
– Keep up to date with industry standards as this technology is evolving rapidly.
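As an added example that is not part of the Trend Micro report, the following Python script audits an MQTT broker configuration for the settings that most often turn a broker into one of the "exposed brokers" described above: anonymous access, a plaintext listener on a public interface, and the absence of topic ACLs. It assumes the Mosquitto `mosquitto.conf` syntax (the report names no specific broker, so the broker choice, the option names and the two sample configurations are assumptions), and it simplifies Mosquitto's option scoping by treating `allow_anonymous`, `password_file` and `acl_file` as global settings.

```python
"""Audit a Mosquitto-style MQTT broker configuration for settings that expose
message data to anonymous or unencrypted clients.

Added example (not from the Trend Micro report). Assumes the Mosquitto
mosquitto.conf syntax: one "key value" pair per line, '#' starts a comment,
and certfile/keyfile lines apply to the most recently declared listener.
"""
from dataclasses import dataclass

# Constructed sample: default plaintext port on all interfaces, no authentication.
WEAK_CONF = """\
listener 1883 0.0.0.0
allow_anonymous true
"""

# Constructed sample: TLS listener, password authentication and per-topic ACLs.
HARDENED_CONF = """\
listener 8883 0.0.0.0
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/broker.crt
keyfile /etc/mosquitto/broker.key
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Listener:
    port: int
    bind: str        # "0.0.0.0" when the config gives no bind address
    tls: bool = False


def parse_conf(text: str):
    """Split a config into its global options and the listeners it declares."""
    options = {}
    listeners = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":
            parts = value.split()
            bind = parts[1] if len(parts) > 1 else "0.0.0.0"
            listeners.append(Listener(int(parts[0]), bind))
        elif key in ("certfile", "keyfile") and listeners:
            listeners[-1].tls = True          # a server cert/key enables TLS
        else:
            options[key] = value
    return options, listeners


def audit(text: str):
    """Return the list of weak settings found; an empty list means none."""
    options, listeners = parse_conf(text)
    findings = []
    if options.get("allow_anonymous", "").lower() == "true":
        findings.append("allow_anonymous true: unauthenticated clients can "
                        "subscribe to every topic the broker carries")
    for lst in listeners:
        if not lst.tls and lst.bind not in LOOPBACK:
            findings.append(f"listener {lst.port} on {lst.bind} has no TLS: "
                            "credentials and payloads cross the network in clear")
    if "acl_file" not in options:
        findings.append("no acl_file: every client that connects can read "
                        "and publish on all topics")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        results = audit(conf)
        print(f"{name}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

Run it as-is to compare the two constructed configurations; point `audit()` at the contents of a real broker's config to use it as a pre-deployment check. A plaintext listener bound to a loopback address is deliberately not flagged, since it is only reachable from the host itself.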
 
