Attack might go undetected in your organization’s systems
March 31, 2021 05:50 PM Eastern Daylight Time
IRVINE, Calif.–(BUSINESS WIRE)–Intelligints, a leading cybersecurity organization specializing in security-related services worldwide, today announced the identification of an advanced cyberattack that might go undetected in your IT environment. Intelligints’ SOC is issuing this research and its findings so that organizations and security teams are aware of this type of attack.
Attack Summary:
The attack starts with email phishing or through unpatched Windows systems. Then, through iexplore.exe, requests are made to an external IP address to download a file (size 2.91 KB) that includes root certificates and scripts that modify the Windows system registry. The scripts go through the registry to find out what software is installed on the target system and what credentials exist in the environment, then call the system API to communicate with the outside command server. Installing the root certificate on the compromised system makes the attacker’s certificate look trusted, so the malware goes undetected by a number of EPP/EDR tools.
Observed in the lab: “iexplore.exe” wrote bytes “4068bdf3fe070000” to virtual address “0xFF29BEA8” (part of module “OLE32.DLL”)
The malware will then create a guarded memory region, as identified in Intelligints’ labs (an anti-debugging trick to avoid memory dumping):
Details: “iexplore.exe” is protecting 8192 bytes with PAGE_GUARD access rights (source: API call)
Intelligints’ IDR team performed network traffic forensics on the communication and found outbound traffic from the compromised network to certain “onion” domains and to other domains used for command-and-control code execution on victim systems.
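The rogue root certificate described above leaves an artifact in the Windows trust stores and their registry backing. The following PowerShell triage script is an added example, not code from the Intelligints release; it lists self-signed roots minted within a configurable window (30 days is an assumed default) across the machine and user Root/AuthRoot stores and resolves each to its registry key so the finding can be cross-checked against the registry modifications the summary describes.

```powershell
# Added example (not from the Intelligints release): hunt for recently added
# root certificates in the Windows trust stores. Run elevated on the host being
# triaged. The 30-day window and the store list are assumptions; adjust them.
function Get-RecentRootCerts {
    param([int]$DaysBack = 30)

    $cutoff = (Get-Date).AddDays(-$DaysBack)
    # Root = manually/GPO-installed roots; AuthRoot = Microsoft-distributed roots.
    # CurrentUser stores matter because a user-level root needs no admin rights.
    $stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
                'Cert:\LocalMachine\AuthRoot', 'Cert:\CurrentUser\AuthRoot')

    foreach ($store in $stores) {
        $hive = if ($store -like 'Cert:\LocalMachine\*') { 'HKLM:' } else { 'HKCU:' }
        $storeName = Split-Path -Path $store -Leaf

        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object {
                # Roots are self-signed (Subject == Issuer). Legitimate public
                # roots are years old, so a NotBefore inside the window is a
                # cheap signal that this root was minted recently.
                $_.Subject -eq $_.Issuer -and $_.NotBefore -ge $cutoff
            } |
            ForEach-Object {
                # Certificate stores are backed by the registry; this is the key
                # the registry-modifying scripts in the summary would write.
                $regKey = "$hive\SOFTWARE\Microsoft\SystemCertificates\$storeName\Certificates\$($_.Thumbprint)"
                [pscustomobject]@{
                    Store       = $store
                    Thumbprint  = $_.Thumbprint
                    Subject     = $_.Subject
                    NotBefore   = $_.NotBefore
                    NotAfter    = $_.NotAfter
                    RegistryKey = $regKey
                    KeyPresent  = Test-Path -Path $regKey
                }
            }
    }
}

# Usage: review every hit; an internal enterprise CA rolled out by GPO will also
# match, so compare thumbprints against your PKI's known roots before removing.
Get-RecentRootCerts -DaysBack 30 | Format-Table -AutoSize
```

Removal of a confirmed rogue root (Remove-Item on its Cert: path) should be done only after the thumbprint has been recorded for the incident, since the thumbprint is the value to search for on other hosts.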
Remediation efforts:
Intelligints has identified the DLLs replaced on victim systems and recommends a careful approach to eradicate the malware without causing system corruption. Also, ensure you have up-to-date backups in case something goes wrong. Clone the impacted system, attempt replacing the DLLs, and test business applications and functionality. This malware eradication needs both Administrator and SYSTEM permissions to write into the affected virtual address space, so proceed carefully.
About IntelligINTS
Intelligints LLC is a leading provider of Cybersecurity and Information Security services for enterprises concerned about their security posture. Intelligints offers a range of services covering penetration testing, code reviews, managed security services and 24x7x365 SOC, Incident Detection/Response and forensics. Intelligints approaches each customer’s security based on risk exposure/factor.
Intelligints is headquartered in Irvine, California. For more information, visit www.intelligints.com.
IRVINE, Calif., May 28, 2020 (GLOBE NEWSWIRE) — Lantronix Inc. (NASDAQ: LTRX), a global provider of edge computing, secure data access and platform and management solutions for the Industrial Internet of Things (IoT), today announced that its ConsoleFlow™ cloud-based software-as-a-service (SaaS) solution has undergone extensive network penetration and source code testing by IntelligINTS, a leading cybersecurity testing and threat monitoring company.
“After performing penetration testing and code review on Lantronix’s ConsoleFlow product, we found that ConsoleFlow meets our expectations for a secure remote solution,” said Sam Sukhon, Chief Information Security Officer at IntelligINTS. “Congratulations to Lantronix’s development team in creating a secure platform and codebase.”
ConsoleFlow provides secure, centralized management for Lantronix IoT and Out-of-Band Management (OOBM) customer solutions from anywhere, at any time. ConsoleFlow delivers software-defined automation for deployment provisioning, asset monitoring, notifications, firmware and configuration updates and real-time troubleshooting. Customers can analyze device data, gaining insight and improving operational efficiency while virtually eliminating travel costs.
With Lantronix IoT devices and ConsoleFlow, hospital IT staff can remotely monitor the status of critical hospital equipment, such as ventilators and infusion pumps for patients, and deliver timely software updates to ensure that devices operate with the latest security patches and are configured for optimal performance. Managers can rest assured that device data is secure, as it is encrypted in flight and at rest. Hospital patient environments are therefore free from intrusion and remain sterile, while hospital IT staff are safe and able to treat patients without obstruction.
“In today’s world of critical medical equipment needs and remote workers, we at Lantronix are dedicated to providing solutions that empower our customers to securely and remotely excel at their jobs,” said Jonathan Shipman, VP of Strategy at Lantronix Inc. “By completing in-depth security testing, our customers can be reassured that ConsoleFlow is a secure solution for remote management whether in patient care or data center applications.”
About ConsoleFlow
ConsoleFlow is Lantronix’s on-premises and cloud-hosted management software solution. Available as a cloud-based SaaS and as a virtual appliance for on-premises deployments, it enables organizations of any size in virtually any industry to remotely monitor, manage and troubleshoot Lantronix IoT and OOBM equipment over broadband and cellular networks from anywhere, at any time, while maintaining access to their critical equipment, even during network outages.
Bringing in-band productivity to out-of-band networks, ConsoleFlow is designed to reduce deployment and management complexity and costs while maximizing IT infrastructure uptime. ConsoleFlow provides centralized management and automated monitoring of all deployed Lantronix Console Managers and connected IT equipment along with real-time notifications, managed APIs and data visualization dashboards.
Lantronix, Inc. is a global provider of engineering services, hardware and software solutions for Edge Computing, the Internet of Things (IoT) and Out-of-Band Management (OOBM). Lantronix enables its customers to provide reliable and secure IoT Intelligent Edge and OOBM solutions while accelerating time to market. Lantronix’s products and services dramatically simplify the creation, development, deployment, and management of IoT projects while providing quality, reliability and security across hardware, software, and solutions.
With three decades of proven experience in creating robust IoT technologies and OOBM solutions, Lantronix is an innovator in enabling its customers to build new business models, leverage greater efficiencies and realize the possibilities of the Internet of Things. Lantronix’s solutions are deployed inside millions of machines at data centers, offices, and remote sites serving a wide range of industries, including energy, agriculture, medical, security, manufacturing, distribution, transportation, retail, financial, environmental and government.
Lantronix is headquartered in Irvine, California. For more information, visit www.lantronix.com.
IntelligINTS LLC is a leading provider of Cybersecurity and Information Security services for enterprises concerned about their security posture. IntelligINTS combines decades of experience in a range of services covering penetration testing, code reviews, managed security services and 24x7x365 threat monitoring, as well as managed incident detection/response and forensics. IntelligINTS works as an extension of its customers’ security departments and excels at reducing the noise of the different security offerings based on first-hand experience with their effectiveness and efficiency. IntelligINTS approaches each customer’s security based on risk exposure, architecting customized solutions based on that risk factor.
IntelligINTS is headquartered in Irvine, California. For more information, visit www.intelligints.com.
For consultation, please contact: Info@intelligints.com or toll-free: (833) 337-3287 (833 33 SECURE)
“Safe Harbor” Statement under the Private Securities Litigation Reform Act of 1995: Any statements set forth in this news release that are not entirely historical and factual in nature, including without limitation statements related to our solutions and technologies, network source code and penetration testing and conclusion that ConsoleFlow meets our expectations for a secure remote solution, are forward-looking statements. These forward-looking statements are based on our current expectations and are subject to substantial risks and uncertainties that could cause our actual results, future business, financial condition, or performance to differ materially from our historical results or those expressed or implied in any forward-looking statement contained in this news release. The potential risks and uncertainties include, but are not limited to, such factors as the effects of negative or worsening regional and worldwide economic conditions or market instability on our business, including effects on purchasing decisions by our customers; the impact of the COVID-19 outbreak on our employees, supply and distribution chains, and the global economy; cybersecurity risks; changes in applicable U.S. and foreign government laws, regulations, and tariffs; our ability to successfully implement our acquisitions strategy or integrate acquired companies; difficulties and costs of protecting patents and other proprietary rights; the level of our indebtedness, our ability to service our indebtedness and the restrictions in our debt agreements; and any additional factors included in our Annual Report on Form 10-K for the fiscal year ended June 30, 2019, filed with the Securities and Exchange Commission (the “SEC”) on September 11, 2019, including in the section entitled “Risk Factors” in Item 1A of Part I of such report, as well as in our other public filings with the SEC. Additional risk factors may be identified from time to time in our future filings. 
The forward-looking statements included in this release speak only as of the date hereof, and we do not undertake any obligation to update these forward-looking statements to reflect subsequent events or circumstances.
Lantronix Media Contact: Gail Kathryn Miller Corporate Marketing & Communications Manager media@lantronix.com 949-453-7158
Lantronix Analyst and Investor Contact: Jeremy Whitaker Chief Financial Officer investors@lantronix.com 949-450-7241
Lantronix Sales: sales@lantronix.com Americas +1 (800) 422-7055 (US and Canada) or +1 949-453-3990 Europe, Middle East and Africa +31 (0)76 52 36 744 Asia Pacific + 852 3428-2338 China + 86 21-6237-8868 Japan +81 (0) 50-1354-6201 India +91 994-551-2488