Sternum, the universal Internet of Things (IoT) cybersecurity and analytics platform provider, reveals a successful live-fire test of its smart device security platform against BotenaGo malware. Sternum’s unique solution, which looks out for generic fingerprints of an attempted attack to protect the device’s runtime integrity, kept an unpatched device protected in multiple attacks utilizing an exploit from the virus’s arsenal.
Botnet malware seeks out vulnerabilities in millions of IoT devices and uses those to deploy malicious payloads, granting the hacker control over affected targets. An advanced botnet like the infamous Mirai can build up an entire army of “zombified” devices that would then be used for denial-of-service attacks and other malicious activities. BotenaGo, the new addition to this malware class, first came up on radars in November 2021 as a sleek and dangerous virus, packing exploits for 33 vulnerabilities tailored to infect millions of routers. Many of the exploits it relies on are command injections, which force the device to execute malicious OS commands and rank among the most dangerous software vulnerabilities. In January 2022, BotenaGo’s source code went up on GitHub, available for any rookie hacker to use at will or to add some of its exploits to their own custom malware.
Sternum pitted the malware against its unique IoT security solution in a live-fire trial on an off-the-shelf vulnerable device. First, the company’s team used a command injection exploit from the virus’s arsenal to infect an unpatched and unprotected Zyxel NAS326 cloud storage device. To confirm the successful attack, the security experts switched the light indicators on the device’s front on and off through the malware.
Then, Sternum researchers installed the company’s solution on the device, still unpatched, and ran the attack again multiple times. The solution successfully protected the cloud storage unit, striking down the infection attempts. It also automatically collected all the necessary forensics data such as timestamps and IP addresses involved in the attacks, pinpointing the vulnerabilities in the device’s firmware and offering automatic root-cause analysis.
Sternum’s single-click security solution gives any connected device the ability to protect itself against hacking attempts in real-time. It seeks out the generic fingerprints of various attack types such as command injection and buffer overflow to strike the attempted attack down and protect the runtime integrity of the secured device against both zero-day and one-day attacks. Its design fosters a proactive IoT security paradigm that ditches the need to play catch-up with hackers through long and costly patching. Sternum’s solution enables devices to actively defend themselves from novel pieces of malware even before security researchers identify them, as seen in the live demo.
“BotenaGo arms any script kiddo with a potent tool capable of infecting millions of devices. Patching takes time, and we know of a few cases where the devices were left vulnerable even after an available update. By beating the virus without the need for a patch, our platform once again proves itself as a powerful security platform that allows companies to always be one step ahead of the game. By focusing on generic fingerprints shared by all attacks instead of wasting time and money on patching specific vulnerabilities, it can defeat viruses that haven’t even been written yet.”
Natali Tshuva, Co-Founder and CEO of Sternum
About Sternum
Sternum, the provider of the first universal IoT platform for security and observability offering runtime protection and visibility to IoT devices, was founded in 2018 by 8200 veterans with a profound understanding of both defender and attacker mindsets. With a goal to deliver one unified and powerful platform to all IoT devices across sectors, Sternum set out to build an uncompromising, innovative technology. Sternum’s product suite consists of two key solutions: Embedded Integrity Verification (EIV) and Analytics & Detection System (ADS); both answer the unique needs of IoT device-level protection and visibility in medical, Industry 4.0, smart cities, energy, and beyond.