Fronton: A Secret Russian Tool To Shut Down The Internet

A Russian hacker group calling itself 'Digital Revolution' claims to have breached a contractor for the FSB, Russia's national intelligence service, discovering compromising details about a project intended for hacking Internet of Things (IoT) devices. They claim to have revealed that Russia has new tools to shut down internet services by tapping internet-connected cameras and other smart devices.

That doe not only mean mean that FSB spies can penetrate mobile phones, laptop or even Internet-connected doorbells also meand that the Russian government has a new tool for creating a destructive DDoS-capable botnet. 

The new botnet tool was revealed in documents that give instructions for using a suite of hacking apps called Fronton, Fonton-3D, and Fonton-18. These botnets harness the computing power of millions of internet-connected things, direct them to spew random data at specific computers, and overwhelm vital services into uselessness. 

With millions of Americans currently teleworking during the COVID-19 pandemic, the United States has never been more dependent on the internet.

The Internet of Things, or IoT, is a term-of-art for the vast array of electronic products that connect to the internet, from refrigerators to medical equipment to automobiles. IoT vulnerabilities have long worried national security experts who say adversaries could exploit them to shut down entire sectors of digital capabilities and infrastructure. The documents say “An attack on national DNS servers can make the Internet inaccessible for several hours in a small country.”

The group Digital Revolution claimed to have obtained technical documents that detail a suite of hacking tools, Fronton, Fonton-3D, and Fonton-18 which incude the instructions for tapping into smart devices, including security cameras.

 Created in 2017 and 2018 by Russia’s FSB Information Security Center, the documents explain how to use the tools to make large botnet attacks on critical national services. According to screenshots of the Fronton backend, the botnet was capable of targeting Linux-based smart devices, which account for the vast majority of IoT systems today. This would have allowed it to target more than just smart cameras and NVRs.

Any device that has an Internet connection and a processor can be exploited. In an ideal world, all devices should be forced to go through some sort of network configuration before being used, rather than being exploitable from a default position.

Corero:          Defense One:         ZDNet:       Meduza

You Might Also Read: 

Disconnected: Russia Tests Its Own Internet:

A New IoT Botnet Storm Is Coming:

 

 

 

 

« How Effective Is Your Threat Intelligence?
Take Action On Cyber Security Training »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Crossmatch

Crossmatch

Crossmatch is a world leader in risk-based composite authentication and biometric identity management.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

Center for Applied Cybersecurity Research (CACR) - University of Indiana

Center for Applied Cybersecurity Research (CACR) - University of Indiana

CACR serves Indiana and the nation by tackling cyber risk in research and other unusual environments through agile, holistic, principle-based cybersecurity.

Gallarus Industry Solutions

Gallarus Industry Solutions

Gallarus leads innovation within industrial Manufacturing, Production and Management Systems, including Cyber Security solutions specifically developed to protect against the latest cyber criminality.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

Centre for Cyber Security Research & Innovation

Centre for Cyber Security Research & Innovation

The Centre for Cyber Security Research & Innovation is Nepal's First Academic Research Institute to focus on understanding the overall Information Security of Nepalese Organizations.

Cybecs Security Solutions

Cybecs Security Solutions

Cybecs was founded to address rapid technological advancement, changing business models, global privacy regulations, and increasing cyber threats for global organizations.

Memgraph

Memgraph

Memgraph, is an in-memory graph database designed for real-time applications such as risk assessment, 360-degree data and network data exploration, and supply chain and network logistics.