Sternum completes test against IoT-attacking malware

IoT and Cybersecurity firm Sternum has completed a live-fire test of its smart device security platform that fights against BotenaGo malware

Sternum, the universal Internet of Things (IoT) cybersecurity and analytics platform provider, has announced it has completed a successful live-fire test of its smart device security platform against BotenaGo malware. Sternum’s solution, which looks out for generic fingerprints of an attempted attack to protect the device’s runtime integrity, kept an unpatched device protected in multiple attacks utilizing an exploit from the virus’s arsenal.

“BotenaGo arms any script kiddo with a potent tool capable of infecting millions of devices,” says Natali Tshuva, Co-Founder and CEO of Sternum. “Patching takes time, and we know of a few cases where the devices were left vulnerable even after an available update. By beating the virus without the need for a patch, our platform once again proves itself as a powerful security platform that allows companies to always be one step ahead of the game. By focusing on generic fingerprints shared by all attacks instead of wasting time and money on patching specific vulnerabilities, it can defeat viruses that haven’t even been written yet.”

What did Sternum’s live trial involve?

Sternum pitted the malware against its unique IoT security solution in a live-fire trial on an off-the-shelf vulnerable device. First, the company’s team used a command injection exploit from the virus’s arsenal to infect an unpatched and unprotected Zyxel NAS326 cloud storage device. To confirm the successful attack, the security experts switched the light indicators on the device’s front on and off through the malware.  

Then, Sternum researchers installed the company’s solution on the device, still unpatched, and ran the attack again multiple times. The solution successfully protected the cloud storage unit, striking down the infection attempts. It also automatically collected all the necessary forensics data such as timestamps and IP addresses involved in the attacks, pinpointing the vulnerabilities in the device’s firmware and offering automatic root-cause analysis. 

 What exactly is Botnet malware and how does it affect IoT devices

Botnet malware seeks out vulnerabilities in millions of IoT devices and uses those to deploy malicious payloads, granting the hacker control over affected targets. An advanced botnet like Mirai can build up an entire army of “zombified” devices that would then be used for denial-of-service attacks and other malicious activities. BotenaGo, the new addition to this malware class, first came up on radars in November 2021 as a sleek and dangerous virus, packing 33 vulnerabilities tailored to infect millions of routers. 

A lot of the exploits it relies on are command injections, which force the device to execute malicious OS commands and are ranked as one of the most dangerous software vulnerabilities. In January 2022, BotenaGo’s source code went up on GitHub, available for any rookie hacker to use at will, or add some of its exploits to their own custom malware.  

Sternum’s single-click security solution gives any connected device the ability to protect itself against hacking attempts in real-time. It seeks out the generic fingerprints of various attack types such as command injection and buffer overflow to strike the attempted attack down and protect the runtime integrity of the secured device against both zero-day and one-day attacks. Its design fosters a proactive IoT security paradigm that ditches the need to play catch-up with hackers through long and costly patching. Sternum’s solution enables devices to actively defend themselves from novel pieces of malware even before security researchers identify them, as seen in the live demo.


Share

Featured Articles

iPhone 16: Apple Fans Ready for Faster Speeds & New Features

Ahead of the iPhone 16 launch, fans are already excited for the ultimate upgrade. Here’s what do we know about the iPhone 16 series

Mobile Ecosystem Forum: 10th Consumer Trust Survey Results

The MEF has released its 10th Annual Consumer Trust Survey, highlighting the need for trust, transparency & security between consumers & mobile operators

Samsung & MediaTek’s Milestone with Fastest 10.7Gbps LPDDR5X

Samsung’s 10.7Gbps LPDDR5X DRAM offers 25% improvement in power consumption, longer battery life and more powerful on-device AI features for mobile

World Youth Skills Day: Vodafone Bridges Digital Divide

Sustainability

GSMA: Handset Affordability Coalition & Smartphones

Sustainability

Keysight Technologies Joins AI-RAN Alliance

Wireless Networks