Cybercriminals hack physical access systems – used for DDoS attacks

Cybercriminals have started hacking connected physical access systems and systems for smart buildings. But instead of exploiting the vulnerabilities to get into the buildings, they use the devices for DDoS attacks.

More and more DDoS attacks occur via mobile devices, and mobile phones and tablets now account for 41 percent of traffic. According to Nexusguard, three quarters come from iOS devices, i.e. iPhone, iPad and iPod Touch.

Firewall provider SonicWall has intercepted traffic showing that cybercriminals are attacking and hacking access systems and connected systems for smart buildings and offices from the provider Nortek Security & Control (NSC). 

The cybercriminals are exploiting ten vulnerabilities in the Linear eMerge E3 model, which were discovered in May 2019 by IT security company Applied Risk. This is reported by ZDNet.

Although the vulnerabilities are very serious (the CVSS score is between 9.8 and 10 out of 10 for six of the models), NSC has so far not produced updates. Applied Risk, for its part, provided a proof-of-concept in November 2019.

The vulnerability that is easy to exploit

Of the ten vulnerabilities in Linear eMerge E3, the criminal hackers have targeted CVE-2019-7256 with a CVSS score of 10. 

This vulnerability allows attackers to execute arbitrary code remotely at the administrator level. Furthermore, the vulnerability is easy to exploit even for those with lower skills.

The hackers so far do not seem to be targeting the buildings or organizations where the access systems are installed but are using the hacked systems as a starting point for DDoS attacks.
