New MIRAI Variant Cyber Threat 'OMNI' That Exposes Almost Every Video Conferencing Device to Remote Attack
WootCloud identifies OMNI, a new MIRAI variant cyber threat.
SAN JOSE, Calif., August 14, 2018 (Newswire.com) - WootCloud, a stealth mode startup, today announced the discovery of a new MIRAI variant cyber-threat — OMNI — potentially affecting at least a million Polycom enterprise conferencing systems.
Nearly all models of the Polycom HDX series with enterprise audio/video conferencing capabilities are vulnerable to this attack. If exploited, the botnet could enable an attacker to launch brute-force attacks and DDoS attacks, and to use the conferencing devices as proxy devices for routing malicious communications such as Command and Control (C&C). Attackers can abuse the APIs supported by Polycom to perform operations on the device. WootCloud reported this bot to Polycom and the UC community.
The OMNI botnet represents the most severe IoT issue in enterprise conference systems to date. OMNI is harnessing the power of open-source software packages such as “BusyBox,” “WGet” and others that shipped with the embedded firmware of the Polycom devices, bypassing the various authentication mechanisms and enabling a complete takeover of the target device. It also enables the attackers to launch brute-force attacks and DDoS attacks and allows conferencing systems to act as proxy devices for routing malicious communications such as Command and Control (C&C).
"These attacks are completely invisible to traditional security controls and procedures. Companies have blind spots for monitoring these devices, so they can't see these attacks or stop them. The research reemphasized that smart connected devices inside enterprises are the new attack vectors in the IoT era," said WootCloud Founder, Srinivas Akella.
To read a blog post on how OMNI works and may spread, please visit WootCloud. To read the Polycom security bulletin relating to HDX and the OMNI botnet, visit https://support.polycom.com/content/support/security-center.html.
WootCloud, the enterprise IoT security company, is the only IoT security solution provider to leverage both the radio and network characteristics to neutralize IoT threats. The flagship Shield portfolio of Visibility and Control Solutions provides real-time, end-to-end visibility, security, and control for any device inside enterprises. WootCloud is a privately held company and headquartered in San Jose, California, with offices in India and Argentina.
Related Links: http://www.wootcloud.com