According to a new report by Forescout and JSOF, it was found out that security vulnerabilities in millions of Internet of Things devices (IoT) could allow cybercriminals to turn devices offline and take control of them remotely.
Indeed, the study showed that there were nine vulnerabilities that could affect four TCP/IP stacks and that were related to Domain Name System (DNS) implementations, which can lead to Denial of Service (DoS) or Remote Code Execution (RCE) by attackers. Thus, it is possible that over one hundred million consumers, businesses, and industrial IoT devices are affected.
The researchers have named the vulnerabilities ‘Wreck’, referencing to the way it can break DNS implementations in TCP/IP stack, leading to potential attacks. Although security patches were put into place to fix the vulnerabilities, applying security updates to IoT devices remains difficult, allowing cyberattackers to take advantage of it.
Moreover, the report stated that healthcare organisations might be the most at risk, with cyber criminals accessing medical devices and gaining private data. Cyberattackers could also target enterprise networks and go after sensitive information.
Hence, the research advises any business and organisation to apply the necessary security patches so as to protect their networks. It also suggests to segment and monitor network traffic.