The email zip attachment contains an exe file, the malware itself. This steals information and exfiltrates it, this time via email.
CSIRT-Italy: Hundreds of millions of IoT devices are at risk of a hacker attack due to Ripple20. It is a package of 19 vulnerabilities that affects everything from smart devices to business solutions in the Oil & Gas, nuclear and transportation sectors
Hundreds of millions of IoT devices are at risk of being hacked, “thanks” to “Ripple20”. These are 19 vulnerabilities that impact a library developed by the software company Treck Inc., as reported by the CSIRT-Italy cyber security experts. The library, first released in 1997, is based on a TCP/IP stack that companies use to allow their devices to connect to the Internet. Further problems derive from the fact that it is integrated into many different software suites; this increases the security risk, since many companies are not actually aware that they use it. The Internet of Things products at risk include smart home devices, electrical network equipment, health and transport systems, industrial equipment, printers, routers, mobile and satellite communication equipment, data center devices, aeronautics products and business solutions in the Oil & Gas, nuclear and transport sectors.
Cyber security experts: An attacker can remotely take control of vulnerable IoT systems without any user interaction, but needs a direct connection to the target machine to do so
According to cyber security experts, some of Ripple20’s vulnerabilities are classified as critical, with a CVSSv3 score of 10, because they allow an attacker to remotely control vulnerable IoT systems without requiring any user interaction. To exploit the flaws, an attacker needs a direct connection to the affected machine. This puts devices directly connected to the Internet at greater risk, also because a compromised device could be used for subsequent lateral movement within the network. A study conducted by Forescout Technologies researchers on 37 device models from 18 suppliers (including manufacturers of printers, IP cameras and video conferencing systems, network equipment and ICS devices) reveals that there are about 15,000 Internet-connected devices potentially exposed to attack. Treck Inc. has released an update that addresses the issues, but deploying it is the responsibility of the vendors.