The new thing bot emerged at the end of September and appears much more sophisticated, according to the experts the malware already infected more than one million organizations worldwide.
The malicious code tries to exploit many known-vulnerabilities in various IP camera models, including GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, and Synology.
The experts speculate that the malware once compromised a device use it to spread itself.
“With each passing day the malware was evolving to exploit an increasing number of vulnerabilities in Wireless IP Camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others. It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves.” reads the report published by Check Point.
“So far we estimate over a million organizations have already been affected worldwide, including the US, Australia and everywhere in between, and the number is only increasing,” continues Check Point.
While investigating the compromise of a GoAhead device the experts noticed that the attackers accessed the System.ini file. This file would contain the credentials of the user, but on the compromised IoT device it contained a ‘Netcat’ command to open a reverse shell to the attacker’s IP.
The attackers triggered the CVE-2017-8225 to hack into the IoT device. The experts verified that the botnet relies on compromise bots to sending out the infection.
“These attacks were coming from many different types of devices and many different countries, totaling approximately 60% of the corporate networks which are part of the ThreatCloud global network,” Check Point notes.
The security researchers provided a list of IoT devices targeted by the malware, even if the attackers’ motivation is unclear experts speculate the botnet could be used to power DDoS attacks.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – IoT botnet, IoT)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.