New flaw in IoT device affects nearly a third of organisations

News by Rene Millman

OpenDreamBox WebAdmin plug-in could enable hackers to execute commands on remote machines

Security researchers have warned of a new vulnerability discovered in the OpenDreamBox 2.0.0 WebAdmin Plugin that has affected nearly a third (32%) of organisations globally in the last month.

According to a new report by Check Point Research, the vulnerability, ranked the eighth most exploited, enables attackers to execute commands remotely on target machines.

The exploit was triggered alongside other attacks targeting IoT devices, in particular the MVPower DVR Remote Code Execution vulnerability (the third most exploited vulnerability in July), which is also known to be related to the notorious Mirai botnet.

The Global Threat Index report for July 2019 also registered a major decrease in the use of Cryptoloot, which fell to tenth in the top malware list from third in June 2019.

"Threat actors are quick to try and exploit new vulnerabilities when they emerge, before organisations have had the chance to patch them, and the OpenDreamBox flaw is no exception. Even so, it’s surprising that nearly a third of organisations have been impacted. This highlights how important it is that organisations protect themselves by patching such vulnerabilities quickly," said Maya Horowitz, threat intelligence & research director at Check Point.

"The sharp decline in the use of Cryptoloot is also interesting. It has dominated the top malware list for the past year-and-a-half and was ranked the second most common malware variant seen in the first half of 2019, impacting 7.2 percent of organizations worldwide. We believe the decline is linked to its main competitor, Coinhive, closing its operations earlier in 2019. Threat actors are relying on alternative crypto-mining malware such as XMRig and Jsecoin."

The report found that the top three malware threats facing companies were XMRig (open-source CPU mining software), Jsecoin (a JavaScript miner that can be embedded in websites), and Dorkbot (an IRC-based worm designed to allow remote code execution by its operator).

The top three mobile malware families listed in the report were Lotoor (a hacking tool that exploits vulnerabilities in the Android operating system), AndroidBauts (adware targeting Android users), and Piom (adware which monitors the user’s browsing behaviour).

The report said that last month’s most exploited vulnerabilities were SQL Injection, OpenSSL TLS DTLS Heartbeat Information Disclosure (CVE-2014-0160; CVE-2014-0346), and MVPower DVR Remote Code Execution. The last of these is a remote code execution vulnerability that exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.
