Security News
Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint. On the RAT front, researchers said that it implements 12 remote access functions that combine with custom command-and-control server commands to carry out tasks like setting up a SOCKS5 proxy on router devices, tampering with router DNS, setting iptables rules and executing custom system commands.
The crooks running the Trickbot botnet typically use these config files to pass new instructions to their fleet of infected PCs, such as the Internet address where hacked systems should download new updates to the malware. "This possibly means central Trickbot controller infrastructure was disrupted. The close timing of both events suggested an intentional disruption of Trickbot botnet operations."
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices. Researchers say the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide, and that number continues to grow.
Showing code overlaps with Mirai and its variants and reusing Gafgyt code, Mozi has been highly active over the past year, and it accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, although it did not attempt to remove competitors from compromised systems, IBM researchers say. The large increase in IoT attacks might also be the result of a higher number of IoT devices being available worldwide, thus expanding the attack surface.
The Mozi botnet, a peer-to-peer malware known previously for taking over Netgear, D-Link and Huawei routers, has swollen in size to account for 90 percent of observed traffic flowing to and from all internet of things devices, according to researchers. IBM X-Force noticed Mozi's spike within its telemetry, amid a huge increase in overall IoT botnet activity.
Botnets are used to do all sorts of malicious things, like launch distributed denial of service attacks, spread malware, and mine cryptocurrency, all without the device's owner being aware that it's been hijacked. At their most basic, botnets aren't that different from any other malware that takes orders from a command and control server, except in this case botnet malware is less concerned with the info it can harvest from a particular computer, and more with the computing resources it can extract from an infected machine.
Avast security researchers have identified vulnerabilities in DVB-T2 devices that could allow attackers to ensnare them in botnets. Many such set-top boxes are primitive, consisting of a TV tuner and an output device, some packing Internet support, and many are highly insecure, Avast's security researchers reveal.
The burgeoning smart home device market has given rise to digital intrusion and potential energy market manipulation on a massive scale. By 2025, it's been estimated that there will be 481 million smart homes worldwide, according to Statista's 2020 Digital Market Outlook.
A newly discovered sophisticated peer-to-peer botnet targeting SSH servers is using a proprietary protocol, Guardicore Labs security researchers explain. What makes the threat unique compared to other P2P botnets is a fileless infection, constantly updated databases of targets and breached machines, brute-force attacks using an extensive dictionary, even distribution of targets among nodes, and the use of a completely proprietary protocol.
A peer-to-peer botnet called FritzFrog has hopped onto the scene, and researchers said it has been actively breaching SSH servers since January. SSH servers are pieces of software found in routers and IoT devices, among other machines, and they use the secure shell protocol to accept connections from remote computers.