Zero-Day vulnerabilities in routers and cameras exploited by hostile botnet


Security researchers at Akamai have discovered two new zero-day vulnerabilities being actively exploited to incorporate routers and video recorders into a hostile botnet. These vulnerabilities, previously unknown to both manufacturers and the security community, allow remote execution of malicious code on devices that use default administrative credentials. The attackers have been leveraging these vulnerabilities to infect devices with Mirai, a powerful botnet software, to conduct distributed denial-of-service (DDoS) attacks.

The vulnerabilities are present in specific models of network video recorders and a wireless LAN router intended for hotels and residential applications, produced by a Japan-based manufacturer. The affected devices were found to have security flaws in the communication between their software and hardware. Akamai has reported these vulnerabilities to the manufacturers, with one confirming that security patches will be released next month.

Exploiting these vulnerabilities involves command injection and requires the attacker to authenticate using the credentials configured on the vulnerable device. Akamai researcher Larry Cashdollar noted that devices with easily guessable logins are at heightened risk. An incomplete Internet scan by Akamai revealed at least 7,000 vulnerable devices, but the actual number could be higher.

Mirai, the botnet software used in these attacks, gained notoriety in 2016 for its massive DDoS attack capabilities. The current Mirai strain, primarily an older version known as JenX, has been modified and shows similarities to other Mirai variants. Akamai has provided Snort rules and indicators of compromise for organizations to detect and repel these attacks, although the specific vulnerable devices and their manufacturers remain unidentified.

This discovery underscores the ongoing threat posed by IoT botnets and the critical importance of cybersecurity vigilance in protecting against such sophisticated attacks.

Sources include: Ars Technica
