Security News

A recently identified Internet of Things botnet has modules developed in a manner that makes it significantly more "Potent and robust" than other IoT botnets, Bitdefender's security researchers say. Dubbed dark nexus and featuring a modular architecture, the threat shares some features with previously observed pieces of malware, and even reuses Qbot and Mirai code, but its core modules appear mostly original.

Bitdefender warns against this dangerous new IoT "Dark nexus" attack that is innovative and cheap for attackers to acquire. "Our analysis has determined that, although dark nexus reuses some Qbot and Mirai code, its core modules are mostly original," Bitdefender said in a 22-page white paper released April 8 about the attacks, "New dark nexus IoT Botnet Puts Others to Shame." While some of its features may be shared with previously known IoT botnets, the way some of its modules have been developed makes dark nexus significantly more potent and robust, the report said.

The latest twist in the romance arrived this week when the company published details of Integrity Policy Enforcement, a Linux Security Module designed to check the authenticity of binaries at runtime. The Linux kernel has long supported LSMs for different specialised purposes, but Microsoft has spotted a gap in the protections these offer in server environments, specifically its own Azure Sphere IoT platform.

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. Helios as the individual behind the development of dark nexus, who is a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities.

Cypress Semiconductor unveiled solutions that give IoT product developers a simplified path to build high-quality, secure, and reliable IoT products. "The problem solvers at Cypress have taken on this challenge and expanded our solutions to help our customers bring high-quality, secure, and reliable products to market faster. IoT-AdvantEdge simplifies the development process, bringing together the essential building blocks of the IoT through powerful software and hardware combinations."

The total number of IoT connections will reach 83 billion by 2024, rising from 35 billion connections in 2020, according to Juniper Research. Industrial sector to account for a total of 60 billion IoT connections.

In this podcast, Mike Nelson, Vice President of IoT Security at DigiCert, talks about the growing insecurity of IoT devices and what we should do about it. We read a lot about bad password practices, and hard-coded credentials, and hackers being able to gain access because they go in and they are able to discover the password and the user manuals of IoT - IoT instruction manuals.

If you thought the Mirai botnet was bad, what about a version under the control of Russia's military that it could point like an electronic cannon at people it didn't like? That's the prospect we could face after the reported emergence of secret Russian project documents online last week. The documents, which come from hacking group Digital Revolution but haven't been verified, suggest that Russia's Federal Security Service, has been working on an internet of things botnet of its own called Fronton.

A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can't, to stop using the devices altogether or to put them behind network firewalls.

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products to take control of the devices and add them to a network of infected bots that can be used to carry out Distributed Denial of Service attacks.