What is the NAME:WRECK Bug?
Nine new vulnerabilities, collectively called NAME:WRECK, have been discovered. They affect four widely used TCP/IP stacks, FreeBSD, IPnet, Nucleus NET, and NetX, which are common across the IT sector.
FreeBSD runs on high-performance servers on millions of networks and is also used in other well-known applications such as firewalls and some commercial network appliances. Nucleus NET is very well known in the medical sector. It has over three billion known installations in medical devices, avionics systems, and building automation.
NetX, meanwhile, runs in medical devices, systems-on-a-chip, and several types of printers, as well as energy and power equipment in industrial control systems (ICS).
“NAME:WRECK is a significant and widespread set of vulnerabilities with the potential for large-scale disruption,” said Daniel dos Santos, research manager at Forescout Research Labs.
“Complete protection against NAME:WRECK requires patching devices running the vulnerable versions of the IP stacks and so we encourage all organizations to make sure they have the most up-to-date patches for any devices running across these affected IP stacks.”
“Unless urgent action is taken to adequately protect networks and the devices connected to them, it could be just a matter of time until these vulnerabilities are exploited, potentially resulting in major government data hacks, manufacturer disruption or hotel guest safety and security.”
What does the NAME:WRECK Bug do to servers?
The NAME:WRECK bugs affect organizations in multiple sectors, from government to healthcare, manufacturing and retail. If malicious actors exploit them successfully in a denial of service (DoS) or remote code execution (RCE) attack, they could disrupt or take control of the networks in question.
NAME:WRECK is the second major set of TCP/IP vulnerabilities uncovered by Forescout’s team as part of a research program called Project Memoria.
What Should Users Of Servers In Question Do To Avoid Being Attacked By The NAME:WRECK Bug?
In light of this, Forescout and JSOF recommend a series of mitigations:
- Discover and inventory devices running the vulnerable stacks. Forescout has released an open source script that uses fingerprinting to find them, and it is updated as new developments occur.
- Enforce segmentation controls and improve network hygiene: restrict external communication paths, and stop using vulnerable devices if they cannot be patched.
- Check whether affected device suppliers are releasing patches, and devise a remediation plan for the affected inventory.
- Configure affected devices to use internal DNS servers, and monitor external DNS traffic. (DNS is a system that names computer systems, networks, services and other resources connected to the internet in a hierarchical and decentralized manner.)
- Monitor all network traffic for attempts to exploit known vulnerabilities, weaknesses or zero-days affecting DNS, mDNS and DHCP clients.
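The inventory and internal-DNS recommendations above can be checked together against flow logs. The following is an added example, not code from Forescout or JSOF: the resolver addresses, the device inventory, the internal address range and the log format are all constructed assumptions.

```python
import ipaddress

# Assumed site values, constructed for this example.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
INTERNAL_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
AFFECTED_DEVICES = {          # inventory of devices on an affected stack
    "10.20.0.15": "Nucleus NET",
    "10.20.0.22": "NetX",
    "10.30.4.7": "FreeBSD",
}

# Constructed flow records: timestamp src_ip dst_ip proto dst_port
SAMPLE_FLOWS = """\
2024-01-01T09:00:01Z 10.20.0.15 10.0.0.53 udp 53
2024-01-01T09:00:04Z 10.20.0.22 203.0.113.9 udp 53
2024-01-01T09:00:09Z 10.40.1.3 198.51.100.4 udp 53
2024-01-01T09:00:12Z 10.30.4.7 10.9.9.9 tcp 53
2024-01-01T09:00:15Z 10.20.0.15 203.0.113.9 tcp 443
truncated-record 10.20.0.15
"""

def parse_flow(line):
    """Return (ts, src, dst, proto, port) or None for an unparsable record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, port = parts
    try:
        # Normalise addresses so textual variants compare equal.
        src, dst = str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst))
        return ts, src, dst, proto.lower(), int(port)
    except ValueError:
        return None

def find_violations(flow_text):
    """Flag DNS flows from inventoried devices to anything but an internal resolver."""
    findings = []
    for line in flow_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue  # skip malformed records rather than abort the run
        ts, src, dst, proto, port = rec
        if src in AFFECTED_DEVICES and port == 53 and dst not in INTERNAL_RESOLVERS:
            scope = "internal" if ipaddress.ip_address(dst) in INTERNAL_NET else "external"
            findings.append({"time": ts, "device": src, "stack": AFFECTED_DEVICES[src],
                             "resolver": dst, "scope": scope})
    return findings

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_FLOWS):
        print(finding)
```

A finding with scope "internal" means the device is using an unapproved resolver inside the network, which usually points to a configuration gap rather than external exposure.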