From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers.
According to a report from Kaspersky Lab expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack eventually infected more than 4.5 million DSL modems.
The Brazil incident illustrated that security experts could no longer afford to ignore firmware vulnerabilities. With the frequency of firmware attacks continuing to rise, it's clear that greater security must be a priority. But has device security meaningfully improved in the past decade?
What Was the Brazil DSL Modem Hack?
According to Assolini, the original vulnerability appeared to be a chipset driver within the modems. Chipset drivers enable proper communication with device motherboards. This vulnerability allowed actors to launch a cross-site request forgery (CSRF) attack.
CSRF uses a simple script to steal passwords and remotely log in to take control of devices. Attackers then configured the hijacked modems to point to malicious DNS servers. Anyone using the compromised modems was redirected to fake websites that mimicked legitimate sites. Upon landing on the imposter sites, visitors were lured into downloading banking fraud malware.
This single firmware weakness compromised six hardware manufacturers' devices using 40 malicious DNS servers. The attack eventually reached network devices belonging to millions of individual and business users.
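The CSRF weakness described above comes down to a device's admin interface trusting nothing but the browser's session cookie, which the browser attaches to a form post from any site. The following added example (not code from the article or from any modem vendor) models a hypothetical "set DNS servers" handler in that weak form beside a hardened form that checks the `Origin` header, a per-session CSRF token and the resolver addresses themselves. The session store, request layout and device origin `https://192.168.1.1` are assumptions made for the example.

```python
import hmac
import ipaddress
import secrets

# Hypothetical device-side session store: session id -> session data.
SESSIONS = {}
# Assumed origin of the modem's web admin interface.
DEVICE_ORIGIN = "https://192.168.1.1"


def new_session():
    """Log a user in: create a session and issue it a random CSRF token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf": secrets.token_hex(16), "dns": ["192.0.2.53"]}
    return sid


def set_dns_vulnerable(req):
    """Weak handler: any request carrying a valid session cookie is obeyed.
    A browser sends that cookie with a form post from any page, so a
    malicious site can rewrite the resolver list unnoticed."""
    sess = SESSIONS.get(req["cookies"].get("session"))
    if sess is None:
        return "denied: not logged in"
    sess["dns"] = list(req["form"]["dns"])
    return "ok"


def plausible_resolver(addr):
    """Reject resolver addresses that can never be valid (loopback, multicast, unspecified)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_multicast or ip.is_unspecified)


def set_dns_hardened(req):
    """Hardened handler: same-origin check on the Origin header, a per-session
    CSRF token compared in constant time, and validation of the new resolvers."""
    sess = SESSIONS.get(req["cookies"].get("session"))
    if sess is None:
        return "denied: not logged in"
    if req["headers"].get("Origin") != DEVICE_ORIGIN:
        return "denied: cross-origin request"
    if not hmac.compare_digest(req["form"].get("csrf", ""), sess["csrf"]):
        return "denied: missing or wrong csrf token"
    dns = list(req["form"].get("dns", []))
    if not dns or not all(plausible_resolver(d) for d in dns):
        return "denied: invalid resolver address"
    sess["dns"] = dns
    return "ok"


def demo():
    """Replay one cross-site request against both handlers, then a legitimate one."""
    sid = new_session()
    # Constructed cross-site form post: the browser adds the session cookie,
    # but the Origin is a third-party page and no token is present.
    cross_site = {
        "cookies": {"session": sid},
        "headers": {"Origin": "https://third-party.example"},
        "form": {"dns": ["198.51.100.9"]},
    }
    weak = set_dns_vulnerable(cross_site)      # weak handler accepts it
    hijacked_to = list(SESSIONS[sid]["dns"])
    strong = set_dns_hardened(cross_site)      # hardened handler refuses it
    # Constructed legitimate submission from the device's own admin page.
    legit = {
        "cookies": {"session": sid},
        "headers": {"Origin": DEVICE_ORIGIN},
        "form": {"dns": ["192.0.2.53", "192.0.2.54"], "csrf": SESSIONS[sid]["csrf"]},
    }
    good = set_dns_hardened(legit)
    return weak, hijacked_to, strong, good, list(SESSIONS[sid]["dns"])


if __name__ == "__main__":
    print(demo())
```

The resolver check is deliberately narrow: it only rejects addresses that cannot be a resolver at all, since a device cannot know which public resolvers its owner wants. The origin check and the token are what stop the cross-site case; the token comparison uses `hmac.compare_digest` so that a wrong guess does not leak timing information.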
How Secure is Firmware Today?
Since the Brazil DSL modem attack incident, has hardware device security improved? Maybe not.
The NIST National Vulnerability Database shows that attacks on firmware rose by 500% from 2018-2021. Meanwhile, a Microsoft study showed that more than 80% of enterprises experienced at least one firmware attack during the same time period. The Microsoft study also revealed that only 29% of security budgets are allocated to protect firmware.
Then there's Dell's BIOS Security – The Next Frontier for Endpoint Protection report, conducted by Forrester. It surveyed more than 300 employees to examine the severity of hardware-level security issues. Nearly two-thirds of organizations surveyed said they have a moderate to high level of exposure to threats due to the hardware supply chain. Only 59% of survey participants said they had implemented adequate security strategies.
The Larger IoT Threat
When it comes to cyber incidents, we often think about software vulnerabilities or phishing attacks. The Brazil DSL modem incident began with a driver vulnerability. But in the most fundamental sense, drivers are software too. A hardware attack may target firmware or any other software installed on the device. Perhaps the best approach is to assess the state of any device out of the box.
One of the biggest hardware-related vulnerability scenarios is the Internet of Things (IoT). Internet-connected devices often come with default credentials like "admin" and "password". Because many device makers don't require users to set up a new, unique username and password, these devices remain with default credentials, which are easy to hack.
Even after changing the defaults, there are other ways to break into IoT devices. SSH and telnet services let attackers force their way into devices. This is because changing the password in a device's web app does not always change the password coded into the device itself. What's more, users cannot feasibly change these passwords hardcoded into the firmware. The web interface may not even be aware that these credentials exist.
In 2016, this was exactly how attackers took down Dyn, a company that managed web traffic for major brands such as Twitter, Spotify, Netflix, Reddit, Etsy and GitHub. Threat actors used Mirai malware to hijack at least 100,000 devices (webcams, DVRs, etc.) as zombies to launch a massive DDoS attack against Dyn.
Today, IoT has penetrated just about every sector. Attacks can happen on cardiac devices, webcams, baby monitors, cars and even F15 fighter jets. There was also a recent CISA advisory warning about vulnerabilities in industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices. Given the magnitude of the risk, it's clear that hardware and device security cannot be ignored.
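The two weaknesses just described, default credentials and credentials hardcoded in firmware that the web interface never touches, are exactly what a pre-deployment firmware review looks for. The following added example (not code from the article or from any vendor) audits a constructed miniature root filesystem extracted from a firmware image: it flags interactive accounts with an empty or vendor-default password hash, weak hash types, and network login services such as `telnetd` that the init script starts at boot. The filesystem contents, the placeholder hashes and the table of known default hashes are all made up for the example; a real review would build that table from the vendor's documentation and earlier firmware images.

```python
import re

# Constructed miniature firmware root filesystem (path -> file contents).
# Accounts, hashes and the init script are invented for this example.
FIRMWARE_FS = {
    "/etc/passwd": (
        "root:x:0:0:root:/root:/bin/sh\n"
        "admin:x:1000:1000::/home/admin:/bin/sh\n"
        "support:x:1001:1001::/:/bin/sh\n"
        "nobody:x:65534:65534::/nonexistent:/bin/false\n"
    ),
    "/etc/shadow": (
        "root:$1$CONSTRUCTED$placeholderhash1:0:0:99999:7:::\n"
        "admin::0:0:99999:7:::\n"
        "support:$1$CONSTRUCTED$placeholderhash2:0:0:99999:7:::\n"
        "nobody:*:0:0:99999:7:::\n"
    ),
    "/etc/init.d/rcS": (
        "#!/bin/sh\n"
        "mount -t proc proc /proc\n"
        "telnetd -l /bin/sh &\n"
        "dropbear -p 22 &\n"
        "httpd -h /www\n"
    ),
}

# Constructed table of hashes already known to belong to vendor defaults.
KNOWN_DEFAULT_HASHES = {
    "$1$CONSTRUCTED$placeholderhash2": "support / support",
}

NOLOGIN_SHELLS = ("/bin/false", "/sbin/nologin", "/usr/sbin/nologin")
SERVICE_RE = re.compile(r"^\s*(telnetd|dropbear|sshd)\b(.*)$")


def interactive_accounts(passwd_text):
    """Accounts that can actually log in (shell is not a nologin shell)."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[6] not in NOLOGIN_SHELLS:
            accounts[fields[0]] = fields[6]
    return accounts


def audit_shadow(shadow_text, accounts):
    """Flag empty, vendor-default and weakly hashed passwords of interactive accounts."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or fields[0] not in accounts:
            continue
        user, hashed = fields[0], fields[1]
        if hashed == "":
            findings.append(("HIGH", f"{user}: empty password, logs in with no password"))
        elif hashed in KNOWN_DEFAULT_HASHES:
            findings.append(("HIGH", f"{user}: hash matches known default credential ({KNOWN_DEFAULT_HASHES[hashed]})"))
        elif hashed.startswith("$1$"):
            findings.append(("MEDIUM", f"{user}: MD5-crypt hash, cheap to brute force"))
    return findings


def audit_init(init_text):
    """Flag remote login services started at boot; BusyBox telnetd -l runs
    the given program on connect without any authentication."""
    findings = []
    for line in init_text.splitlines():
        match = SERVICE_RE.match(line)
        if not match:
            continue
        service, args = match.group(1), match.group(2)
        if service == "telnetd":
            if "-l" in args.split():
                findings.append(("CRITICAL", "telnetd started with -l: shell without authentication"))
            else:
                findings.append(("HIGH", "telnetd started at boot: cleartext remote login"))
        else:
            findings.append(("INFO", f"{service} started at boot: SSH reachable, check the account findings"))
    return findings


def audit_firmware(fs):
    """Run both audits over an extracted root filesystem and return all findings."""
    accounts = interactive_accounts(fs.get("/etc/passwd", ""))
    findings = audit_shadow(fs.get("/etc/shadow", ""), accounts)
    for path, content in fs.items():
        if path.startswith("/etc/init.d/"):
            findings.extend(audit_init(content))
    return findings


if __name__ == "__main__":
    for severity, message in audit_firmware(FIRMWARE_FS):
        print(f"[{severity}] {message}")
```

The point of cross-referencing `/etc/passwd` with `/etc/shadow` is that a default or empty password only matters for an account that can log in; the `nobody` entry is ignored for that reason. Finding a `telnetd` or `dropbear` line in the init script is what tells you the hardcoded accounts are reachable over the network, regardless of what the web interface lets the owner change.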
Start with Zero Trust
The enterprise perimeter can no longer be a security gatekeeper. The ubiquity of remote work and connected devices creates even more vulnerabilities. Perhaps the fastest and most comprehensive way to secure your IT ecosystem is through a zero trust approach. In zero trust, two workloads — apps, users, software, devices or any other computing component — benefit from a local protection system to enforce security policies.
Zero trust means access is denied by default. Users and devices are continually validated and monitored. And access is granted based on least privilege and identity and access management (IAM) principles. Much of this is supported by contextual analytics via artificial intelligence for actionable insights.
Hardware Bill of Material and Patching
For hardware security, experts also recommend hardware bill of materials (HBOM) and patching strategies.
Establishing an HBOM begins with cataloging all the hardware and devices connected to your network. From there, you track and document hardware security vulnerabilities. Protection begins with knowing which silicon versions are vulnerable and which products use compromised chips. This enables business risk assessment, which guides patching and security update protocols.
Since you can't patch all devices at once, proper triage is essential. For example, which vulnerabilities are nearest to mission-critical systems? Remember, devices can be added at any time. So it's critical to maintain an up-to-date network device inventory. Automated hardware inventory management programs can be a big help here.
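To make the HBOM and triage steps above concrete, here is an added example (not code from the article) that matches a constructed device inventory against a constructed advisory feed and orders the patch work by severity weighted by closeness to mission-critical systems. Every device name, chipset part number, firmware version and advisory id is a placeholder invented for the example; the weighting factors (3x for the critical device itself, 2x for devices sharing its network zone, 1x otherwise) are an assumption, not a standard.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    name: str
    chipset: str            # silicon part identifier recorded in the HBOM
    firmware: str           # dotted version string, e.g. "2.1.0"
    zone: str               # network segment the device sits in
    mission_critical: bool = False


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    chipset: str            # affected silicon
    fixed_in: str           # first firmware version carrying the fix
    severity: float         # vendor or base score, 0-10


def version_tuple(v):
    """Compare versions numerically so that 1.10.0 sorts after 1.9.0."""
    return tuple(int(part) for part in v.split("."))


def affected_advisories(device, advisories):
    """Advisories whose silicon matches and whose fix the device does not yet run."""
    return [a for a in advisories
            if a.chipset == device.chipset
            and version_tuple(device.firmware) < version_tuple(a.fixed_in)]


def proximity_factor(device, hbom):
    """Assumed weighting: the mission-critical device itself, then anything
    sharing a network zone with one, then everything else."""
    if device.mission_critical:
        return 3.0
    critical_zones = {d.zone for d in hbom if d.mission_critical}
    return 2.0 if device.zone in critical_zones else 1.0


def patch_queue(hbom, advisories):
    """Return (priority, device name, advisory id) triples, highest priority first."""
    queue = []
    for device in hbom:
        for adv in affected_advisories(device, advisories):
            priority = round(adv.severity * proximity_factor(device, hbom), 1)
            queue.append((priority, device.name, adv.advisory_id))
    queue.sort(key=lambda item: (-item[0], item[1]))
    return queue


# Constructed inventory: placeholder chipsets and versions, not real parts.
HBOM = [
    Device("plc-gateway", "HYPO-SOC-A", "2.1.0", "plant", mission_critical=True),
    Device("hmi-panel", "HYPO-SOC-B", "1.4.2", "plant"),
    Device("lobby-camera", "HYPO-SOC-A", "2.1.0", "guest"),
    Device("office-printer", "HYPO-SOC-B", "1.5.0", "office"),
]

# Constructed advisory feed: placeholder ids, not published advisories.
ADVISORIES = [
    Advisory("HYPO-ADV-001", "HYPO-SOC-A", fixed_in="2.2.0", severity=8.0),
    Advisory("HYPO-ADV-002", "HYPO-SOC-B", fixed_in="1.5.0", severity=5.0),
]


if __name__ == "__main__":
    for priority, name, adv in patch_queue(HBOM, ADVISORIES):
        print(f"{priority:5.1f}  {name:15s} {adv}")
```

Because the queue is recomputed from the inventory each time, a device added later simply needs a new `Device` entry in the HBOM and the next run places it; that is the practical reason the text insists on keeping the inventory current. The printer on firmware 1.5.0 is correctly left out because its version already equals the fixed version, which is why the comparison is numeric rather than a string compare.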
Continued Collaborative Effort is Key
While a company's security measures are important, device manufacturers' efforts are also part of the solution. In his report on the Brazil DSL modem attack, Assolini criticized manufacturers and regulators for not paying attention to hardware security.
That is beginning to change. The White House recently released its own plans to improve IoT security. The idea is to bring together companies, associations and government partners to discuss the development of a label for IoT devices. The labels would identify which devices meet the highest cybersecurity standards.
Coincidentally, the U.S. Government also recognizes the value of zero trust. A recent presidential memo outlined plans to require agencies to meet specific zero trust cybersecurity standards and objectives by the end of Fiscal Year 2024.
The Brazil DSL modem attacks were a reminder that neglecting firmware security can lead to devastating consequences. Hopefully, industry and government efforts, alongside intelligent security strategies, will improve hardware security for everyone.
Freelance Technology Writer
Jonathan Reed is a freelance technology writer. For the past decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML...