Over 100 Million IoT Devices Vulnerable To New NAME:WRECK Remote Execution Attacks
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name Systems (DNS) implementations, were revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME: WRECK, could impact at least 100 million IoT devices, leading to denial of service (DoS) and remote code execution.
Forescout reports that the NAME:WRECK vulnerabilities are bugs within TCP/IP stacks FreeBSD, Nucleus NET, IPnet, and NetX. These stacks are used in millions of different devices, and when paired with the “often external exposure of vulnerable DNS clients,” the attack surface can be quite a large target. The researchers specifically claim that organizations in healthcare and government sectors are “in the top three most affected for all three stacks,” meaning they could be most vulnerable and easily targeted.
Should an attacker want to go after these organizations, the report explains they could leverage three vulnerabilities within NAME:WRECK to inject code onto a target. It would take the attacker acting as a DNS server by way of a man-in-the-middle attack, which would allow them to reply to a DNS request with the malicious packet. Then, the attacker will have initial access, allowing them to laterally move within a network to compromise the device or data they want.
To avoid this very possible security breach situation, organizations need to patch devices running the vulnerable versions of the TCP/IP stacks. As Forescout states, FreeBSD, Nucleus NET, and NetX have been patched recently, so “device vendors using this software should provide their own updates to customers.” However, if this is not possible, organizations need to enforce network segmentation and proper network hygiene to mitigate risk. Either way, hopefully, NAME:WRECK will put more eyes on vulnerable network stacks, and consumers can face fewer cybersecurity threats in the future.