Security experts report that attackers managed to infect with malware some appliances and production equipment still running Windows 7 and designed by three of the largest manufacturers in the world.
The discovery was made by researchers at TrapX, who consider it to be a "supply chain attack".
According to the data, the infection took place a few months ago, in October 2019. The attackers infected IoT devices with malicious software belonging to the category of cryptocurrency miners. Affected IoT devices include self-guided vehicles (AGVs, robots), a printer and a smart TV.
“The sample of malware analyzed by TrapX® is part of the Lemon_Duck family, which is executed by double click or through persistence mechanisms,” said the TrapX researchers. “Initially, the malicious program scans the network for potential targets, especially those with open SMB (445) or MSSQL (1433) services. Once a potential target was identified, the cryptocurrency miner started its job.”
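The scanning behaviour described in the quote above, a single device reaching out to many peers on TCP 445 or 1433, shows up in flow logs as a fan-out pattern. The following is an added detection example, not code from TrapX or the original article; the record format, window, threshold and sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED_PORTS = {445, 1433}      # SMB and MSSQL, the services named in the quote above
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 4                    # assumed: distinct destinations per window

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2020-01-01T08:00:00 10.20.0.15 10.20.0.21 445
2020-01-01T08:00:01 10.20.0.15 10.20.0.22 445
2020-01-01T08:00:02 10.20.0.15 10.20.0.23 1433
2020-01-01T08:00:03 10.20.0.15 10.20.0.24 445
2020-01-01T08:00:04 10.20.0.15 10.20.0.25 1433
2020-01-01T08:00:05 10.20.0.15 10.20.0.26 443
2020-01-01T08:00:00 10.20.0.40 10.20.0.5 445
2020-01-01T08:00:00 10.20.0.50 10.20.0.31 445
2020-01-01T08:05:00 10.20.0.50 10.20.0.32 445
2020-01-01T08:10:00 10.20.0.50 10.20.0.33 445
2020-01-01T08:15:00 10.20.0.50 10.20.0.34 445
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, dport) from whitespace-separated records."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(dport)

def find_scanners(flows, window=WINDOW, threshold=THRESHOLD):
    """Return sources whose peak count of distinct 445/1433 peers in a window meets the threshold."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in WATCHED_PORTS:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # drop events older than the window
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts

if __name__ == "__main__":
    print(find_scanners(parse_flows(SAMPLE_FLOWS)))
```

A host that talks to one file server repeatedly, or to several peers spread over many minutes, stays below the threshold; only the rapid fan-out is flagged.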
According to experts, the attacks on the IoT devices of the three manufacturers are likely to be part of the same hacking campaign. The attackers infected at least 50 sites of companies in the Middle East, North America and Latin America.
The attackers used a downloader that runs malicious scripts related to the Lemon_Duck cryptocurrency miner. Researchers say this particular malware spreads very fast, which is why it is considered "extremely dangerous".
“Once again, the entry point was an IoT device running Windows 7. The attacks confused the production process, destroying AGV robots. The malware has spread quite quickly,” the researchers said. “TrapX software provided early detection of cryptocurrency malware and allowed the security team to immediately disconnect the infected AGVs from the network.” AGV robots are IoT-based technology and are commonly used to transport materials to factories.
Microsoft stopped supporting Windows 7 about a month ago. However, many users around the world continue to use it, leaving their devices vulnerable. Cybercriminals are aware of this and are looking for vulnerable IoT devices and other systems to attack.
Experts found many automated vehicles (AGVs) running Windows 7 infected with the cryptocurrency miner.
The cryptocurrency miner was also found on an HP DesignJet SD Pro printer used to print designs containing sensitive data related to the target's production process. The attackers infected the device and gained access to the target network.
Finally, the malware was installed on a smart TV with a built-in PC that also ran Windows 7.
TrapX experts speculate that this was a supply chain attack, in which the malware was first installed on vulnerable devices and then affected the manufacturers' sites.
More details on the contamination of IoT devices can be found in the report published by TrapX.