
Echobot malware attacks IoT devices, Oracle applications and VMware, and exploits old vulnerabilities

Echobot IoT malware is another variation of the well-known Mirai malware, discovered by security specialists from Palo Alto Networks in early June 2019.

Last week, Akamai experts presented a more detailed report on the new threat, which makes it clear that Echobot followed a general trend: the malware's authors did not change the foundation but added new, additional modules to the Mirai sources.

“When Mirai was first released, it was found in IoT devices. Then variants of Mirai began targeting vulnerabilities in those devices,” said Akamai specialist Larry Cashdollar.

When Palo Alto Networks researchers first noticed the malware, Echobot used exploits for 18 vulnerabilities. However, in the Akamai report, just a week later, Echobot already used 26 different exploits, both old and new, and, apparently, this is not the limit. The current version of the malware attacks NAS devices, routers, NVRs, IP cameras, IP phones and so on.

Akamai experts note that the most remarkable feature of Echobot is that its authors do not focus only on vulnerabilities in Internet of Things devices (routers, cameras, video recorders, etc.), but also use bugs in Oracle WebLogic and VMware SD-WAN to infect targets and distribute the malware.


From the outside, it seems that the creators of the malware choose exploits absolutely randomly, but this impression is deceptive. Botnet operators often start with a random selection of exploits, but soon they keep only those that allow them to recruit as many bots as possible, and drop the others.

Exploits are “processed” in a matter of days, and are eliminated if they do not demonstrate effectiveness. As a result, the current arsenal of Echobot exploits can be considered a list of the most “useful” vulnerabilities to date. This list of exploits gives a good idea of which devices are currently the most frequently attacked.

“Botnet developers are always looking for ways to spread malware. They are not just relying on exploiting new vulnerabilities that target IoT devices, but vulnerabilities in enterprise systems as well. Some of the new exploits they’ve added are older and have remained unpatched by the vendor. It seems the updates to Echobot are targeting systems that have possibly remained in service, but whose vulnerabilities were forgotten. This is an interesting tactic as these systems, if found, have remained vulnerable for years and will probably remain vulnerable for many more,” Akamai experts conclude their review of the Echobot botnet.

Source: https://blogs.akamai.com
