Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
A Cybercrime Ring Responsible For Hijacking Over 100M Email, Instagram Accounts Dismantled
March 21, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

New Vulnerability Allows DDoS Attack and Data Exfiltration on Billions of Devices

By Alicia Hope for CPO Magazine
Tuesday, June 16, 2020

Home users are not directly affected by the CallStranger vulnerability unless their Internet-enabled devices have UPnP endpoints. They are therefore advised against port forwarding to UPnP endpoints.

Increased risks for the enterprise

With the Internet of things (IoT) becoming common in modern enterprise networks, the UPnP vulnerability increases the attack surface and makes it more likely for hackers to succeed in breaching networks. Hackers can now steal sensitive data through data exfiltration and shut down intranets by waging a DDoS attack on the host network. To prevent these forms of attacks, organizations could disable UPnP support for IoT devices with access to sensitive information. Isolating such devices from the enterprise network could also prevent such attacks from happening. However, updating the UPnP devices should be a priority for organizations.

Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb says shadow IT and the complexity of IT infrastructure makes enterprise networks more vulnerable to attacks.

“Modern enterprises are characterized by a skyrocketing complexity of their IT infrastructure that may be dispersed across a hundred of countries and maintained by thousands of third parties. On one side, this makes organizations extremely vulnerable and susceptible to cyber-attacks such as ransomware, which exploit shadow IT devices, unprotected cloud and abandoned servers as an entry point into their victim’s premises. On the other side, however, this convoluted intricacy makes global attack virtually impossible, as some disjoint parts of the central system will continue working in isolation. It is nonetheless perfectly possible to identify the ‘heart and the brain’ of the system and target it directly with disastrous consequences.”

He adds that, “We will likely see professional cyber mercenaries being hired not just for data theft campaigns but for highly destructive and damage-creation hacking campaigns. Amid the political and economic crisis of the unprecedented scale, many unscrupulous organizations and state actors won’t hesitate to crush their rivals by paralyzing their computerized factories, supply management chains and sales points. Given how interconnected our IT infrastructure has become, thanks to the rapid proliferation of IoT devices and connected objects, one wisely prepared attack could swiftly shut down a global company for several weeks or even months. Visibility, inventory and continuous monitoring of your digital assets and data is the key to avoid falling victim to the sophisticated attacks.” Read Full Article


Previous Media Publications:

DAWN: Govt’s Covid-19 app sparks furore over security flaws

The Hacker News: A New Free Monitoring Tool to Measure Your Dark Web Exposure

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential