24 November 2023

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet | Ars Technica

 Unknown attackers have been exploiting the zero-days to compromise the devices so they can be infected with Mirai, a potent piece of open source software that makes routers, cameras, and other types of Internet of Things devices part of a botnet that’s capable of waging DDoSes of previously unimaginable sizes.

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile  botnet | Ars Technica
Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday.
Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post.
Akamai researchers said one of the zero-days under attack resides in one or more models of network video recorders. The other zero-day resides in an “outlet-based wireless LAN router built for hotels and residential applications.” The router is sold by a Japan-based manufacturer, which “produces multiple switches and routers.” 
The router feature being exploited is “a very common one,” and the researchers can’t rule out the possibility it’s being exploited in multiple router models sold by the manufacturer.
Akamai said it has reported the vulnerabilities to both manufacturers, and that one of them has provided assurances security patches will be released next month. Akamai said it wasn’t identifying the specific devices or the manufacturers until fixes are in place to prevent the zero-days from being more widely exploited.

Mirai first came to widespread public attention in 2016, when a botnet—meaning a network of compromised devices under the control of a hostile threat actor—took down the security news site KrebsOnSecurity with what was then a record-setting 620 gigabit-per-second DDoS.

Besides its enormous firepower, Mirai stood out for other reasons. For one, the devices it commandeers were an ensemble of routers, security cameras and other types of IoT devices, something that had been largely unseen prior to that. And for another, the underlying source code quickly became freely available. Soon, Mirai was being used in even larger DDoSes targeting gaming platforms and the ISPs that serviced them. Mirai and other IoT botnets have been a fact of Internet life ever since.


UNDER ATTACK —

Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet

Internet scans show 7,000 devices may be vulnerable. The true number could be higher.

A stylized human skull over a wall of binary code.
























No comments:

Fury in Russia at 'serious escalation' of Ukraine missile move | BBC News

  'Kyiv Stands': Sullivan says U.S. role in defending Ukraine defines Biden's legacy