CAMBRIDGE, Mass., Oct. 12, 2016 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the global leader in content
delivery network (CDN) services, today published new research from
the company's Threat Research team. Akamai researchers Ory Segal and Ezra Caltum have identified a
recent spate of attacks whereby attackers are using Internet of
Things (IoT) devices to remotely generate attack traffic by using a
12-year-old vulnerability in OpenSSH, which we are calling
SSHowDowN Proxy. A full report detailing the attacks is available
for download at http://akamai.me/2dTsrg8.
Overview
It is important to note that the research and subsequent
advisory do not introduce a new type of vulnerability or attack
technique, but rather a continued weakness in many default
configurations of Internet-connected devices. These devices are now
actively being exploited in mass-scale attack campaigns against
Akamai customers.
The Threat Research Team has observed SSHowDowN Proxy attacks
originating from the following types of devices:
- CCTV, NVR, DVR devices (video surveillance)
- Satellite antenna equipment
- Networking devices (e.g. Routers, Hotspots, WiMax, Cable and
ADSL modems, etc.)
- Internet connected NAS devices (Network Attached Storage)
- Other devices could be susceptible as well
Compromised devices are being used for:
- Mounting attacks against a multitude of Internet targets and
Internet-facing services, such as HTTP, SMTP and Network
Scanning
- Mounting attacks against internal networks that host these
connected devices
Once malicious users access the web administration console, they
have been able to compromise the device's data and, in some cases,
fully take over the machine.
"We're entering a very interesting time when it comes to DDoS
and other web attacks; 'The Internet of Unpatchable Things' so to
speak," explained Ory Segal, senior
director, Threat Research, Akamai. "New devices are being shipped
from the factory not only with this vulnerability exposed, but also
without any effective way to fix it. We've been hearing for years
that it was theoretically possible for IoT devices to attack. That,
unfortunately, has now become the reality."
Mitigation
Some recommended approaches to mitigation include:
- If the device offers access to alter the SSH passwords or keys,
change those from the vendor defaults.
- If the device offers direct file system access:
  - Add "AllowTcpForwarding No" into the global sshd_config
    file.
  - Add "no-port-forwarding" and "no-X11-forwarding" to the
    ~/.ssh/authorized_keys file for all users.
- If neither option above is available, or if SSH access is not
required for normal operation, disable SSH entirely via the
device's administration console.
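The two file-level settings above can be checked offline against an sshd_config and an authorized_keys file copied from a device or firmware image. The Python below is an added example, not part of Akamai's advisory or tooling; the function names and sample inputs are constructed for illustration, and the newer "restrict" key option is not modelled.

```python
import re

REQUIRED = {"no-port-forwarding", "no-x11-forwarding"}  # advisory's options, lower-cased
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # line begins with a key type: no options
# Constructed sample inputs (not from any real device).
SAMPLE_SSHD = "Port 22\n#AllowTcpForwarding no\nPermitRootLogin yes\n"
SAMPLE_KEYS = ("ssh-rsa AAAAEXAMPLE admin@device\n"
               'command="/bin/status, v2",no-port-forwarding ssh-ed25519 AAAAEXAMPLE mon@device\n'
               "no-port-forwarding,no-X11-forwarding ssh-rsa AAAAEXAMPLE ops@device\n")

def tcp_forwarding_disabled(sshd_config_text):
    """True only if the global section sets AllowTcpForwarding to 'no'."""
    for raw in sshd_config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":      # global section ends at the first Match block
            break
        if keyword == "allowtcpforwarding" and len(parts) == 2:
            return parts[1].strip('" ').lower() == "no"  # sshd keeps the first value read
    return False                    # keyword absent: sshd defaults to 'yes'

def key_options(line):
    """Lower-cased option names in front of the key type, honouring quoted values."""
    if KEY_TYPE.match(line):
        return set()
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":
                break               # unquoted whitespace ends the options field
        else:
            cur += ch
        prev = ch
    return {o.split("=", 1)[0].lower() for o in opts if o}

def keys_missing_restrictions(authorized_keys_text):
    """(line number, missing options) for every key that still permits forwarding."""
    findings = []
    for n, raw in enumerate(authorized_keys_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            missing = REQUIRED - key_options(line)
            if missing:
                findings.append((n, sorted(missing)))
    return findings
```

A commented-out directive, or one that appears only inside a Match block, is reported as not disabled because the global default still applies.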
If the device is behind a firewall, consider doing one or more
of the following:
- Disable inbound connections from outside the network to port 22
of any deployed IoT devices
- Disable outbound connections from IoT devices except to the
minimal set of ports and IP addresses required for their
operation.
Akamai continues to monitor and analyze data related to this
ongoing IoT threat. To learn more, please download a complimentary
copy of the research white paper at
http://akamai.me/2dTsrg8.
About Akamai
As the global leader in Content Delivery
Network (CDN) services, Akamai makes the Internet fast, reliable
and secure for its customers. The company's advanced web
performance, mobile performance, cloud security and media delivery
solutions are revolutionizing how businesses optimize consumer,
enterprise and entertainment experiences for any device, anywhere.
To learn how Akamai solutions and its team of Internet experts are
helping businesses move faster forward, please visit www.akamai.com
or blogs.akamai.com, and follow @Akamai on Twitter.
Contacts:
Rob Morton
Media Relations
617-444-3641
rmorton@akamai.com
--or--
Tom Barth
Investor Relations
617-274-7130
tbarth@akamai.com
To view the original version on PR Newswire,
visit: http://www.prnewswire.com/news-releases/akamai-threat-research-team-identifies-new-abuses-of-openssh-vulnerability-300343049.html
SOURCE Akamai Technologies, Inc.