Specific Safety reported that hackers managed to infect with malware some IoT devices that still run Windows 7 and were designed by three of the largest manufacturers in the world.
The discovery was made by TrapX researchers, who believe it may be a “supply chain attack”.
According to the data, the infection took place a few months ago, in October 2019. The hackers infected the IoT devices with cryptocurrency-mining malware. Affected IoT devices include self-guided vehicles (AGVs, robots), a printer and a smart TV.
“The sample of malware analyzed by TrapX® is part of the Lemon_Duck family that runs on double-click or through persistence mechanisms,” TrapX researchers said. “Initially, the malicious program swept the network for possible targets, especially those with open SMB (445) or MSSQL (1433) services. Once a potential target was identified, the cryptocurrency miner began its work.”
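The sweep described in the quote above shows up in flow logs as one source touching many distinct hosts on TCP 445 or 1433 within a short time. The following is an added example, not code from TrapX or the original article, that flags that pattern; the log format, addresses, dates, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {445: "SMB", 1433: "MSSQL"}  # ports named in the TrapX quote
WINDOW = timedelta(seconds=60)               # assumed tuning value
MIN_TARGETS = 5                              # assumed tuning value

def build_sample_flows():
    """Constructed flow log, one record per line: 'timestamp src dst dport'."""
    day = "2019-10-14T09"
    rows = [f"{day}:00:{i:02d} 10.0.5.21 10.0.5.{100 + i} 445" for i in range(6)]
    rows += [f"{day}:01:{i:02d} 10.0.5.21 10.0.5.{100 + i} 1433" for i in range(5)]
    # Normal client: many connections, but always to the same file server.
    rows += [f"{day}:00:{i:02d} 10.0.5.40 10.0.1.10 445" for i in range(8)]
    # Five distinct hosts, but spread over 20 minutes.
    rows += [f"{day}:{i * 5:02d}:00 10.0.5.33 10.0.5.{200 + i} 445" for i in range(5)]
    rows.append("malformed record")
    return "\n".join(rows)

SAMPLE_FLOWS = build_sample_flows()

def parse(text):
    """Yield (timestamp, src, dst, dport), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])

def find_sweepers(text, window=WINDOW, min_targets=MIN_TARGETS):
    """Return {(src, port): peak distinct destinations inside one window}."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(text):
        if dport in WATCHED_PORTS:
            events[(src, dport)].append((ts, dst))
    alerts = {}
    for key, evs in events.items():
        evs.sort()
        start, best, in_window = 0, 0, defaultdict(int)
        for ts, dst in evs:
            in_window[dst] += 1
            while ts - evs[start][0] > window:  # evict records older than the window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_targets:
            alerts[key] = best
    return alerts

if __name__ == "__main__":
    for (src, port), n in sorted(find_sweepers(SAMPLE_FLOWS).items()):
        print(f"{src} contacted {n} hosts on {WATCHED_PORTS[port]}/{port} within {WINDOW}")
```

Counting distinct destinations rather than connections keeps a busy file-server client from being flagged while still catching a device that fans out across the subnet.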
According to experts, the attacks on the three manufacturers’ IoT devices are probably part of the same hacking campaign. The attackers infected at least 50 companies’ sites in the Middle East, North America, and Latin America.
The attackers used a downloader that executes malicious scripts related to the Lemon_Duck cryptocurrency miner. Researchers say this malware is spreading very fast, which is why it is considered “extremely dangerous”.
“Once again, the entry point was an IoT device running Windows 7. The attacks confused the production process, destroying AGV robots. The malware has spread quite quickly,” the researchers said. “TrapX software provided a timely detection of cryptocurrency malware and allowed the security team to immediately disconnect infected AGVs from the network.” AGV robots are IoT technology and are commonly used to transport materials to factories.
Windows 7 ceased to be supported by Microsoft about a month ago. However, many users around the world continue to use it, making their devices vulnerable. Cybercriminals are aware of this and are looking for vulnerable IoT and other systems to attack.
Experts have found many automated vehicles (AGVs) running Windows 7 to be infected with the cryptocurrency miner.
Also, the cryptocurrency miner was found in HP’s DesignJet SD Pro printer, which has been used to print designs that contain sensitive data related to the target production process. The hackers infected the device and gained access to the target network.
Finally, the malware was installed on a smart TV with a built-in PC that also ran Windows 7.
TrapX experts suspect it was a supply chain attack and that malware was first installed on vulnerable devices and then affected the manufacturers’ sites.
More details on the contamination of IoT devices can be found in the report published by TrapX.