Zero-Day vulnerabilities in routers and cameras exploited by hostile botnet


Security researchers at Akamai have discovered two new zero-day vulnerabilities being actively exploited to incorporate routers and video recorders into a hostile botnet. These vulnerabilities, previously unknown to both the manufacturers and the security community, allow remote execution of malicious code on devices that still use default administrative credentials. The attackers have been leveraging them to infect devices with Mirai, a powerful botnet software, in order to conduct distributed denial-of-service (DDoS) attacks.

The vulnerabilities are present in specific models of network video recorders and a wireless LAN router intended for hotels and residential applications, produced by a Japan-based manufacturer. The affected devices were found to have security flaws in the communication between their software and hardware. Akamai has reported these vulnerabilities to the manufacturers, with one confirming that security patches will be released next month.

Exploiting these vulnerabilities involves command injection, and the attacker must first authenticate using the credentials configured on the vulnerable device. Akamai researcher Larry Cashdollar noted that devices with easily guessable logins are at heightened risk. An incomplete Internet scan by Akamai revealed at least 7,000 vulnerable devices, but the actual number could be higher.
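The two conditions the article describes, a guessable administrative login and a command-injection flaw behind it, are easiest to understand side by side. The following is an added example written for this page, not code from Akamai, from the affected manufacturer or from the article. It models a hypothetical diagnostic endpoint (the `host` parameter and the `/cgi-bin/diag.cgi` path are constructed placeholders): the vulnerable way of building the command next to a hardened version that validates input against an allow-list and never passes it through a shell, a check for factory-default credentials, and a small access-log scan that flags request parameters carrying shell metacharacters, which is the kind of signal a detection rule for this class of attack keys on.

```python
import re
import subprocess
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample of factory-default logins; real device defaults vary by vendor.
FACTORY_DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Strict allow-list for a hostname/IP parameter of the hypothetical diagnostic endpoint.
TARGET_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Shell metacharacters that have no business in a hostname parameter.
SHELL_META_RE = re.compile(r"[;|&`\n]|\$\(")


def uses_factory_default(username: str, password: str) -> bool:
    """A credential pair matching a known default is the precondition the article describes."""
    return (username, password) in FACTORY_DEFAULT_LOGINS


def target_allowed(target: str) -> bool:
    """Allow-list check: only hostname/IP characters, bounded length."""
    return TARGET_RE.fullmatch(target) is not None


def build_diag_command_vulnerable(target: str) -> str:
    """Vulnerable pattern: the parameter is spliced into a shell string unvalidated."""
    return "ping -c 1 " + target  # the caller would hand this string to a shell


def build_diag_command_hardened(target: str) -> list:
    """Hardened pattern: validate against the allow-list and build an argv vector (no shell)."""
    if not target_allowed(target):
        raise ValueError("target rejected by allow-list")
    return ["ping", "-c", "1", target]


def run_hardened(target: str) -> int:
    """Execute the argv vector directly; shell=False means metacharacters are never interpreted."""
    argv = build_diag_command_hardened(target)
    return subprocess.run(argv, shell=False, capture_output=True, timeout=5).returncode


def suspicious_params(request_line: str) -> list:
    """Return (name, decoded value) pairs whose decoded value contains shell metacharacters."""
    try:
        _method, path, _version = request_line.split(" ", 2)
    except ValueError:
        return []
    hits = []
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        decoded = unquote(value)  # second decode catches double-encoded payloads
        if SHELL_META_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_access_log(lines) -> list:
    """Return indices of log lines whose request line carries a suspicious parameter."""
    flagged = []
    for i, line in enumerate(lines):
        m = re.search(r'"([A-Z]+ \S+ HTTP/\d\.\d)"', line)
        if m and suspicious_params(m.group(1)):
            flagged.append(i)
    return flagged


# Constructed access-log lines (not from the article) for the hypothetical endpoint.
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/diag.cgi?host=8.8.8.8 HTTP/1.1" 200',
    '10.0.0.9 - admin [01/Jan/2024:10:00:07 +0000] "GET /cgi-bin/diag.cgi?host=8.8.8.8%3Bid HTTP/1.1" 200',
    '10.0.0.7 - admin [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200',
]

if __name__ == "__main__":
    print("default login in use:", uses_factory_default("admin", "admin"))
    print("flagged log lines:", scan_access_log(SAMPLE_LOG))
```

The log scan is deliberately narrow: it only looks at decoded query parameters, so a rule derived from it complements rather than replaces the Snort signatures and indicators Akamai published. On the device side, the argv-based `run_hardened` is what removes the command-injection class entirely; the allow-list is defence in depth on top of it.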

Mirai, the botnet software used in these attacks, gained notoriety in 2016 for its massive DDoS attack capabilities. The strain seen here is based primarily on an older Mirai variant known as JenX, has been modified, and shows similarities to other Mirai variants. Akamai has provided Snort rules and indicators of compromise so that organizations can detect and repel these attacks, although the specific vulnerable devices and their manufacturers have not been publicly identified.

This discovery underscores the ongoing threat posed by IoT botnets and the critical importance of cybersecurity vigilance in protecting against such sophisticated attacks.

Sources include: Ars Technica
