Malware that targets Internet-of-Things devices is not finicky about the methods it uses to infect systems; the main concern is how large an army it can raise. Starting from this premise, cybercriminals seek vulnerabilities that provide a huge yield, no matter how old they are.
A recent trend in IoT botnet malware is to add exploits for multiple vulnerabilities and start scanning the internet for victims. For instance, a Mirai variant now carries no fewer than 16 exploits for known security bugs in routers, network video recorders (NVRs), cameras and digital video recorders (DVRs).
Typically, cybercriminals don’t develop the malicious code from scratch, but adapt it from demos that validate a finding or take it from penetration testing tools such as Metasploit.
At the moment, thousands of routers online are vulnerable to dated security issues, just waiting to be seized by botnet malware or taken advantage of in other types of attacks, unless their owners patch them. Firmware that closes these easy-to-exploit security gaps has been available for them for at least one year.
A security researcher tweeted recently about discovering over 6,000 ASUS routers that exposed DHCP information without requiring authentication. Although the issue does not lead to compromise of the device, hackers can use the details to learn about other nodes on the network, basically creating a list of gadgets connected to the router.
The Dynamic Host Configuration Protocol (DHCP) assigns IP addresses automatically when a new device connects to the local network. DHCP can also provide the name of the host residing at a particular IP address, which can be used to determine the type of device and the vulnerabilities it may have.
It turns out that the routers received a patch in 2016, when the DHCP leak vulnerability was first reported. Users are often late in applying firmware updates because there is generally no simple way to learn about new releases.
A malicious campaign spotted earlier this month takes advantage of a flaw in MikroTik routers that was addressed back in April and has been widely publicized. Cybercriminals continue to capitalize on the unpatched state of the devices and have infected at least 3,700 of them with malware designed to mine for cryptocurrency.
Hackers are not particularly interested in new and original methods to compromise a device. They will walk a beaten path for as long as they can get a benefit, no matter how small it is.