JSOF and Forescout: NAME:WRECK vulnerabilities expose over 100 million devices. They are 9 flaws affecting DNS clients and causing DoS or RCE
Over 100 million devices could be exposed by the NAME:WRECK vulnerabilities, which were disclosed through the joint efforts of cybersecurity experts at JSOF and Forescout. The set comprises nine flaws in Domain Name System (DNS) implementations, each causing either Denial of Service (DoS) or Remote Code Execution (RCE). Together, they could potentially allow attackers to take target devices offline or take control of them.
The cybersecurity experts: The flaws affect 4 popular TCP/IP stacks
According to the cybersecurity experts, NAME:WRECK affects 4 popular TCP/IP stacks, including:
- FreeBSD: Commonly used in computers, printers, and networking devices found on Device Cloud;
- IPNet: Integrator solution offered by IPNet Solutions, geared for enterprise and telecom markets;
- NetX: Common product categories include mobile phones, consumer electronics, and business automation, in devices such as printers, smart clocks, systems-on-a-chip, and energy & power equipment in Industrial Control Systems (ICS);
- Nucleus NET: Part of Nucleus RTOS, and deployed in over 3 billion devices. Commonly used in building automation, operational technology, and VoIP, as well as ultrasound machines, storage systems, and critical systems for avionics.
The combination of widespread use of these stacks, together with external exposure of the vulnerable DNS clients, results in a dramatically increased attack surface. Even the most conservative estimates conclude that millions of devices are impacted by the vulnerabilities.