Security News
Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn. Security researchers with Qihoo 360's Netlab have observed multiple attempts to target the 0day, some before the PoC was published, starting with the Moobot botnet that successfully used an exploit for the vulnerability in February.
Researchers are warning owners of fiber routers to keep a close eye on their gear and check for firmware updates following the discovery of an in-the-wild zero-day attack. The researchers note that since the partial proof of concept was posted, two other botnets have been spotted attempting to exploit it.
The Hoaxcalls botnet is actively targeting a recently patched SQL injection vulnerability in Grandstream UCM6200 series devices, security researchers warn. Tracked as CVE-2020-5722 and rated critical severity, the vulnerability exists in the HTTP interface of the impacted IP PBX appliance.
The coin-mining botnet known as DDG has seen a flurry of activity since the beginning of the year, releasing 16 different updates over the course of the past three months. In its latest version, the DDG botnet still uses IP or DNS for static C2 communications, but its new P2P network acts as "a fall-back [failsafe] that even if the C2 is taken down, the infected devices are still going to keep going and perform the mining tasks," analysts said in a blog on Wednesday.
A recently identified Internet of Things botnet has modules developed in a manner that makes it significantly more "potent and robust" than other IoT botnets, Bitdefender's security researchers say. Dubbed dark nexus and featuring a modular architecture, the threat shares some features with previously observed pieces of malware, and even reuses Qbot and Mirai code, but its core modules appear mostly original.
The botnet, called dark nexus, uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet. Dark nexus also borrows code and processes previously used by Qbot and the infamous Mirai botnet that launched the 2016 Dyn DDoS attack.
Bitdefender warns against this dangerous new IoT "dark nexus" attack that is innovative and cheap for attackers to acquire. "Our analysis has determined that, although dark nexus reuses some Qbot and Mirai code, its core modules are mostly original," Bitdefender said in a 22-page white paper released April 8 about the attacks, "New dark nexus IoT Botnet Puts Others to Shame." While some of its features may be shared with previously known IoT botnets, the way some of its modules have been developed makes dark nexus significantly more potent and robust, the report said.
Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. Helios as the individual behind the development of dark nexus, who is a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities.
For the last two years or so, attackers have been infecting and reinfecting poorly secured MS SQL servers, booting other criminals' malware from them and exploiting their compute power to mine Vollar and Monero cryptocurrency. Microsoft SQL Server is a relational database management system/software that can run on computers running any of the most popular operating systems.
If you thought the Mirai botnet was bad, what about a version under the control of Russia's military that it could point like an electronic cannon at people it didn't like? That's the prospect we could face after the reported emergence of secret Russian project documents online last week. The documents, which come from hacking group Digital Revolution but haven't been verified, suggest that Russia's Federal Security Service has been working on an internet of things botnet of its own called Fronton.