  • New Botnets "quickly amassing"


    • This topic has 5 replies, 1 voice, and was last updated 4 years ago.
    #139209

    Reports are now advising of new botnets, with CheckPoint Security publishing their research yesterday:
    https://research.checkpoint.com/new-iot-botnet-storm-coming/

    • #139214

      A Gigantic IoT Botnet Has Grown in the Shadows in the Past Month
      By Catalin Cimpanu | October 20, 2017

       
      Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper (Reaper for this article), researchers estimate its current size at nearly two million infected devices.

      According to researchers, the botnet is mainly made up of IP-based security cameras, network video recorders (NVRs), and digital video recorders (DVRs).

      The biggest difference between Reaper and Mirai is its propagation method. Mirai scanned for open Telnet ports and attempted to log in using a preset list of default or weak credentials.

      Reaper does not rely on a Telnet scanner, but primarily uses exploits to forcibly take over unpatched devices and add them to its command and control (C&C) infrastructure.

      Netlab says that Reaper, at the time of writing, primarily uses a package for nine vulnerabilities: D-Link 1, D-Link 2, Netgear 1, Netgear 2, Linksys, GoAhead, JAWS, Vacron, and AVTECH. Check Point also spotted the botnet attacking MikroTik and TP-Link routers, Synology NAS devices, and Linux servers.
      Netlab experts say the botnet is in incipient stages of development, with its operator busy adding as many devices to the fold as possible.

      Exploits are added on a regular basis, while the C&C infrastructure expands to accommodate new bots.

      Netlab says that it observed over two million infected devices sitting in the botnet’s C&C servers’ queue, waiting to be processed. Just yesterday, only one of the C&C servers was controlling over 10,000 bots.

       
      Read the full article here

      1 user thanked author for this post.
    • #139215

      ‘IOTroop’ Botnet Could Dwarf Mirai in Size and Devastation, Says Researcher
      by Tom Spring | October 20, 2017

       
      A botnet, which is adding new bots every day, has already infected one million businesses during the past month and could easily eclipse the size and devastation caused by Mirai.

      The malware and botnet, dubbed IOTroop, was spotted in September by researchers at Check Point who warn that 60 percent of corporate networks have at least one vulnerable device.

      “So far we estimate over a million organizations have already been affected worldwide, including the U.S., Australia and everywhere in between, and the number is only increasing,” according to Check Point’s preliminary research published Thursday.

      Researchers believe that the botnet is quickly amassing and may be on the cusp of a massive DDoS attack. “Our research suggests we are now experiencing the calm before an even more powerful storm,” wrote researchers.

      Still unknown is who are the threat actors behind the malware/botnet, any targets hackers might have and what the timeline of any attack might be.

      “It is too early to assess the intentions of the threat actors behind it, but it is vital to have the proper preparations and defense mechanisms in place before an attack strikes,” said researchers.

       
      Read the full article here

      2 users thanked author for this post.
    • #139219

      For information about Botnets, see AKB3000005

    • #139221

      And from theregister.co.uk:
      Do fear the Reaper: Huge army of webcams, routers raised from ‘one million’ hacked orgs
      Check your cameras, broadband gateways, NAS boxes for latest botnet malware

      Right now, check to make sure you’re not exposing a vulnerable device to the internet, apply any patches if you can, look out for suspicious behavior on your network, and take a gadget offline if it’s infected.

      2 users thanked author for this post.
    • #139397

      From wired.com:


      The Reaper IoT Botnet Has Already Infected a Million Networks

      On Friday, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed the new IoT botnet, which builds on portions of Mirai’s code, but with a key difference: Instead of merely guessing the passwords of the devices it infects, it uses known security flaws in the code of those insecure machines, hacking in with an array of compromise tools and then spreading itself further. And while Reaper hasn’t been used for the kind of distributed denial of service attacks that Mirai and its successors have launched, that improved arsenal of features could potentially allow it to become even larger—and more dangerous—than Mirai ever was.

      “The main differentiator here is that while Mirai was only exploiting devices with default credentials, this new botnet is exploiting numerous vulnerabilities in different IoT devices. The potential here is even bigger than what Mirai had,” says Maya Horowitz, the manager of Check Point’s research team. “With this version it’s much easier to recruit into this army of devices.”

      2 users thanked author for this post.