Internationally active cyber-security authorities (Forescout Research Labs and JSOF) have confirmed that the Name:Wreck bugs are affecting more than 100 million Internet-connected devices and that the vulnerabilities are expanding at a high pace.

Detection of the Wreck bugs is being carried out by the security authorities of every country. In the UK, nearly 36k devices have been affected, ranging from simple smartphones to complicated aircraft navigation systems and extending to Industrial Internet of Things (IIoT) equipment, CCTV, medical equipment and even printers connected to the Internet. In addition, the vulnerabilities are also being monitored for denial-of-service (DoS) or remote code-execution (RCE).

What Are the Name:Wreck Bugs?

Sharing similarities with other TCP/IP DNS bugs, it has been designed by cyber criminals to spread an infectious threat on a global basis. It is designed to carry on several infectious activities simultaneously, as it is embedded in the complex DNS protocol. It is a silent performer that can do its work without catching the victim's eye.

According to Forescout Research Labs and JSOF, who discovered the Name:Wreck bugs, “The NAME:WRECK bugs are showing their active presence mainly in four of the most used TCP/IP stacks, that is, NetX, FreeBSD, NET and IPnet. These four TCP/IP stacks are widely used by IT software and IoT/OT firmware.”

[Figure: Name-Wreck diagram]

The malicious functioning of the threat is aimed at disabling system security settings and at spreading quickly so that it attaches itself to commercial as well as government networks.

Working Mechanism Of Name:Wreck Bugs

The Name:Wreck bugs are designed with strong and heuristic coding that is nearly impossible to decode. Because of this working mechanism, once it targets a device it can open a gateway for other vulnerabilities to settle in, which boosts its strength. The hackers behind the threat work through two mechanisms:

  1. In the first approach, it uses denial-of-service to target and hit devices that are connected to the Internet. Hosts connected to the Internet face several disruptions once the infection settles into the device.
  2. In the second approach, it works remotely. It executes its malicious code as an attack on users who perform their activities remotely.

According to the report by Forescout, this threat is promoted and flourishes because of the “Code Reuse” mechanism. The carrier of the infection can multiply itself to increase the adverse consequences on targeted networks. Thus, it is worrying large professional organizations about their data security.

Name:Wreck Bugs Vulnerabilities with Identification and Severity Codes

The highest estimated severity of the Name:Wreck bugs is 9.8 out of 10. Listed below are the eight assigned and one unassigned vulnerabilities, with the TCP/IP stacks they impact and their severity ratings:

  • CVE-2020-7461: With a severity rating of 7.7, this is a bug in compressed-message handling on FreeBSD TCP/IP stacks that can result in remote code execution.
  • CVE-2016-20009: The Common Vulnerability Scoring System (CVSS) score of this bug is 9.8, which could lead the network into the worst situations. It mainly impacts IPnet.
  • CVE-2020-15795: A domain name label-parsing bug with a severity rating of 8.1 that is effective against Nucleus NET.
  • CVE-2020-27009: Also carrying a severity rating of 8.1, this is similar to CVE-2020-15795 and can lead to remote code execution.
  • CVE-2020-27736: Leading to a denial-of-service attack, it has a severity rating of 6.5 and impacts Nucleus NET.
  • CVE-2020-27737: Also a domain name label-parsing bug, it impacts devices that use Nucleus NET and has a severity rating of 6.5.
  • CVE-2020-27738: Also impacting devices on Nucleus NET, it is a message-compression bug with a severity rating of 6.5.
  • CVE-2021-25677: Categorized as a transaction-ID bug, it has an adverse impact on Nucleus NET and can open the way to DNS cache-poisoning attacks. The CVSS score of the bug is 5.3.

The ninth bug is unassigned but is classed as a message-compression bug; it holds a severity rating of 6.5 and is active on NetX TCP/IP stacks.

Investigation of the Name:Wreck bugs by several security authorities is still continuing, as these bugs were noticed only recently but had spread their roots a few months earlier without being caught by security firewalls. Such hiding features make it one of the most dangerous bugs and quite difficult to deal with.

According to researchers, “This highly malicious bug is mainly showing its implications on DNS of TCP/IP stacks resulting in denial of service or remote code-execution.”

There is no doubt that its highest severity level is 9.8, and this could lead to the collapse of a complete network at once. So keep yourself updated with the latest news on the Name:Wreck bugs and use every possible measure to keep your network away from this malicious threat.
