Home Malware Newly discovered Mirai Botnet is Exploiting DVR in DDoS Attack - E...

Newly discovered Mirai Botnet is Exploiting DVR in DDoS Attack – E Hacking News


On Thursday, cybersecurity experts disclosed details regarding a newly discovered Mirai-inspired botnet called “mirai_ptea”. It exploits an undisclosed flaw in a digital video recorder (DVR) provided by KGUARD to propagate and execute a distributed denial of service (DDoS) attack.

Netlab 360, a Chinese security company pinned the first investigation into defects on March 23, 2021, before aggressive botnet attempts were detected on June 22, 2021. Since the emergence of the Mirai botnet in 2016, it has been linked to a series of large-scale DDoS attacks. 

In October 2016, users of DNS service provider Dyn in Europe and North America lost access to major Internet platforms and services.
Since then, numerous versions of Mirai have sprung up in the field, partly because the source code is available on the internet. Mirai_ptea is no exception. 

According to researchers, the Mirai botnet is a piece of nasty Internet of Things (IoT) malware that compromised 300,000 IoT devices, such as wireless cameras, routers, and digital video recorders. It scans Internet of Things devices and uses default passwords and then adds the passwords into a botnet network, which is then used to launch DDoS attacks on websites and Internet infrastructure.

Cybersecurity researchers have not revealed the whole details regarding the security flaw in an attempt to prevent further exploitation, but the researchers said the KGUARD DVR firmware had vulnerable code prior to 2017 that enabled remote execution of system commands without authentication. At least approximately 3,000 devices published online are vulnerable to this flaw.

In addition to using Tor Proxy to link with the Command and Control (C2) server, analysis of the mirai_ptea sample disclosed extensive encryption of all sensitive resource information. It is decoded to establish a connection with the C2 server and retrieve attack commands for execution, including launching DDoS attacks. 

“The geographic distribution of bot source IPs is […] mainly concentrated in the United States, Korea, and Brazil,” the researchers stated, with infections reported across Europe, Asia, Australia, North and South America, and parts of Africa. 

In 2017, Paras Jha, 21, of Fanwood, New Jersey; Josiah White, 20, of Washington, Pennsylvania; and Dalton Norman, 21, of Metairie, Louisiana were charged for creating the Mirai IoT botnet. The three admitted conspiracy to violate the Computer Fraud & Abuse Act.





Source link

RELATED ARTICLES

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an...

UBEL is the New Oscorp — Android Credential Stealing Malware Active in the Wild

An Android malware that was observed abusing accessibility services in the device to hijack user credentials from European banking applications has morphed into...

Cyberattacks Zero in Tokyo Olympics as Games Begin – E Hacking News

  Malicious malware and websites have targeted both event organizers and regular spectators as the Tokyo Olympics' opening ceremony approaches. According to Tokyo-based Mitsui Bussan...
- Advertisment -

Most Popular

Former Goldman Sachs CIO, joins fintech start-up Advisory Board

illumr removes bias in AI for financial services organisationsDamian Sutcliffe, the former EMEA CIO for Goldman Sachs...

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an...

Security breaches where working from home is involved are costlier, claims IBM report • The Register

Firms looking to save money by shifting to more flexible ways of working will need to think carefully about IT security and the...

Recent Comments