Singapore’s Cyber Security Agency (CSA) has issued an alert following the discovery of vulnerabilities in more than 100 million internet-connected devices globally. The CSA’s Singapore Computer Emergency Response Team (SingCert) said that administrators of the affected stacks are advised to apply security patches immediately.
Security patches have already been rolled out to address threats called Name: Wreck. These bugs are a set of Domain Name System (DNS) vulnerabilities that have the potential to cause either Denial of Service (DoS) or Remote Code Execution, allowing attackers to take targeted devices offline or to gain control over them. The widespread use of popular sets of rules called stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface. Organisations in the healthcare and government sectors are the most affected, said, security researchers. Other sectors implicated include entertainment, retail, manufacturing, financial services, and technology.
A cyber-security firm’s report said that Name: Wreck affect these stacks, which govern how devices can “talk” to each other over a network such as the Internet. However, the firm said that not all devices running the affected stacks are vulnerable, but it conservatively estimated that if 1% of the more than 10 billion deployments are, then at least 100 million devices are at risk.
Potentially affected equipment and devices include consumer electronic products such as wearable fitness products, smartphones, printers and smart clocks, ultrasound machines, defibrillators, patient monitors and critical medical equipment such as magnetic resonance imaging, storage systems, industrial manufacturing robots, and energy and power equipment in industrial control systems.
Also affected are unmanned combat aircraft, commercial aircraft, self-driving cars, space exploration rovers and critical systems for aviation, and high-performance servers and network appliances in millions of IT networks. It is not clear how many devices in Singapore are affected by these bugs.
The cybersecurity firm added that unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security. The firm said that one way a cybercriminal could exploit Name: Wreck is to compromise ultrasound machines that connect to a website to get firmware updates. They could also use the bug to redirect the ultrasound machines to their sites to download fake firmware which is malicious. The infected ultrasound machines could then be instructed by the malware to upload all medical records to the cybercriminal.
Although security patches have been rolled out, the cyber-security firm said patching can be difficult in some cases. For instance, if affected devices are not managed centrally, it means each one must be manually patched. Some devices also cannot be taken offline for this because of their mission-critical nature, such as medical devices and industrial control systems.
If patching is not available, SingCert advised administrators to enforce segmentation controls and proper network hygiene measures such as restricting external communication paths and isolating vulnerable devices. They should monitor patches released, monitor all network traffic for malicious data, and configure devices to rely on internal DNS servers.
Accordingly, the CSA’s core mission is to keep Singapore’s cyberspace safe and secure, to underpin National Security, power a Digital Economy, and protect the country’s Digital Way of Life. To underpin National Security, CSA continuously monitors cyberspace for cyber threats and protects and defends Critical Information Infrastructure (CII) to ensure the continuous delivery of essential services to Singapore residents. The agency analyses the risks that the threats pose and take appropriate mitigation measures to prevent them from affecting users.
Nonetheless, despite its best efforts, cyber-attacks may still succeed. To deal with them, the CSA have incident response teams who stand ready to investigate, contain and remediate serious cyber-attacks on our CIIs. CSA also regularly conducts cybersecurity exercises to ensure that the critical sectors are ready to respond promptly and effectively in the event of an attack.
