Design World


Single-Source Commands Believed To Facilitate Cyberattack On Network Equipment

By Michael Luciano | July 27, 2018

Last week, eSentire Threat Intelligence observed an increase in targeted attempts at exploiting small-office/home-office (SOHO) and consumer-grade network devices manufactured by global network solutions provider Dasan, and networking equipment from D-Link. The activity was identified through automated analysis, using a simple script written in the form of a complex equation, as seen below.

    # Least-squares fit y = A + B*x over N paired observations (x[i], y[i]).
    B = (sum(x[i] * y[i] for i in range(N)) - 1./N*sum(x)*sum(y)) / (sum(x[i]**2 for i in range(N)) - 1./N*sum(x)**2)  # slope
    A = 1.*sum(y)/N - B * 1.*sum(x)/N  # intercept

Fortunately, these attacks appear to have steadily dropped since the last major documented spike on June 1, when a surge of exploitation attempts from more than 3,000 source IPs launched an array of attacks against D-Link 2750B and Dasan GPON routers. None of the exploitation attempts observed against eSentire customers were successful, and it is unknown whether this attack had any effects on home networks, where these devices are more likely to be deployed. What’s even more unsettling is that successful recruitment can potentially arm any associated threat actor(s) with DDoS artillery and enable these individuals to facilitate espionage of private browsing habits.

Botnets built from compromised routers may eventually be offered as another service to other threat actors, who can utilize these networks to further extort DDoS victims (among other users).

Figure 1: Router exploits in the last two months. (Image Credit: eSentire)

The botnet’s coordination indicates a single entity controlled the source IPs that triggered router exploit signatures over a 10-hour span, as Figure 2 shows.

Figure 2: Number of distinct source IPs (top) and signatures fired (bottom) over the 10-hour campaign. See Figure 1 for color legend. (Image Credit: eSentire)

Exploits against Dasan GPON routers (CVE-2018-10562) that were recently announced appeared to have shorter life spans than the two other signatures, ending at 10 a.m. To further explain the coordination of the distributed attack against every affected organization, consider how the number of IPs attempting router exploits against each company was roughly equivalent to how many times the client experienced a particular signature being triggered (shown in Figure 3).

Figure 3: For each signature type (color) for each client (individual circles) the number of distinct IPs is compared with the number of signatures fired. Several outliers were removed. (Image Credit: eSentire)

The observation supports the proposition that the source IPs involved in the cyberattack were coordinated by a single-source command, so overall, this feature could be used to help automatically detect similar coordinated attacks in the future.
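The check described above, as an added example that is not eSentire's code: the article's least-squares formula is fitted, per signature, to each client's count of distinct source IPs against the number of times the signature fired, and a near one-to-one fit is flagged. The alert tuple layout, the function names, the thresholds `slope_tol` and `min_r2`, and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def fit_line(x, y):
    """Least-squares intercept A and slope B (the article's formula)."""
    n = len(x)
    if n < 2:
        raise ValueError("need at least two clients")
    sxx = sum(v * v for v in x) - sum(x) ** 2 / n
    if sxx == 0:
        raise ValueError("all clients saw the same number of source IPs")
    b = (sum(p * q for p, q in zip(x, y)) - sum(x) * sum(y) / n) / sxx
    return sum(y) / n - b * sum(x) / n, b

def per_client_points(alerts, signature):
    """Per client: x = distinct source IPs, y = times the signature fired."""
    ips, fired = defaultdict(set), defaultdict(int)
    for client, sig, src in alerts:
        if sig == signature:
            ips[client].add(src)
            fired[client] += 1
    clients = sorted(ips)
    return [len(ips[c]) for c in clients], [fired[c] for c in clients]

def looks_coordinated(alerts, signature, slope_tol=0.25, min_r2=0.9):
    """Assumed rule: slope near 1 and a tight fit => one hit per IP per client."""
    x, y = per_client_points(alerts, signature)
    a, b = fit_line(x, y)
    mean_y = sum(y) / len(y)
    ss_tot = sum((v - mean_y) ** 2 for v in y)
    ss_res = sum((yi - (a + b * xi)) ** 2 for xi, yi in zip(x, y))
    r2 = 1 - ss_res / ss_tot if ss_tot else 0.0
    return abs(b - 1) <= slope_tol and r2 >= min_r2, b, r2

def make_alerts(hits_by_client, signature="sig-under-test"):
    """Constructed sample data: {client: [hits per source IP]} -> alert tuples."""
    return [(c, signature, "src-%s-%d" % (c, i))
            for c, hits in hits_by_client.items()
            for i, h in enumerate(hits) for _ in range(h)]

# Constructed: many IPs, each firing about once per client (campaign-like).
CAMPAIGN = make_alerts({"A": [1] * 10, "B": [1] * 25, "C": [1] * 40 + [2], "D": [1] * 60})
# Constructed: a few noisy sources firing repeatedly (no 1:1 relationship).
NOISE = make_alerts({"A": [30, 5], "B": [2, 2, 2], "C": [50], "D": [1, 1, 1, 40]})

if __name__ == "__main__":
    print(looks_coordinated(CAMPAIGN, "sig-under-test"))
    print(looks_coordinated(NOISE, "sig-under-test"))
```

The thresholds need tuning against real alert volumes; the deviations the article reports at higher IP counts are the cases where a fixed tolerance will be least reliable.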

Taking IP as shorthand for the number of distinct source IPs, deviations from the linear trend appeared for IP > 60 (for the command injection that Figure 3 shows), IP > 120 for the remote code execution attempt, and IP > 150 for the GPON exploit. The higher variability can likely be attributed to larger organizations having a larger exposed threat surface. This makes an attacking IP more likely to make contact with multiple organizational assets, thus increasing the number of signatures raised.


Filed Under: M2M (machine to machine)

 
