Unmasking the Zero-Day Malware Campaign: A Deep Dive into Router and NVR Device Vulnerabilities

Malware Campaign Uses Zero-Day Vulnerabilities to Reel in Routers for a DDoS Botnet Attack

Main Takeaways:

  • An ongoing malware campaign is wielding two previously unknown security gaps, also known as zero-day vulnerabilities, to let hackers access routers and video recorders remotely.
  • The payload targets routers and network video recorder (NVR) devices that still use default admin credentials and, when successful, installs Mirai variants.
  • Akamai detected this cybersecurity issue and described it in its latest advisory.

Zero-Day Threat Makes Routers and Video Recorders Playtime for Hackers

Ever wondered why your router is behaving like a grouchy old man refusing to let anyone access the Internet? It might just be held hostage by an active malware campaign. This malware campaign uses two zero-day vulnerabilities, the digital equivalent of a secret trapdoor hidden behind a bookshelf, to gain remote access to your routers and video recorders. This malware doesn’t just get a kick out of meddling with your devices. Instead, it enrolls them in a secret botnet bash. Reminds me of that time when my garage door opener got ‘hacked’ and started acting like a stubborn mule. Thought about calling an exorcist; then realized it just needed new batteries!

Open (Admin) Sesame! Routers and NVR Devices with Default Credentials are Easy Prey

The malware campaign is putting Arthur Conan Doyle to shame with its sleuthing abilities. It targets routers and network video recorder (NVR) devices that still run on their default admin credentials. So if you’ve never changed your admin password since you installed your router or NVR device, then you might have an uninvited digital houseguest. Upon successful breach, it proceeds to install Mirai variants. Just like how we install a new doggy door for our canine friends, except this one isn’t nearly as cute, and it’s certainly not your friend, unless your definition of ‘friend’ is ‘someone who helps you be part of a DDoS Botnet’. Reminds me of how we sometimes forget to change our passwords and end up with ‘ilovecats’ for every single account. Not that admitting a fondness for felines is embarrassing or anything!

Akamai Rings the Alarm with the Advisory

Akamai, the internet security sentinel, seems to be shouting, “Danger, Will Robinson!” with its latest advisory. It detected this cybersecurity issue, sort of like sneaking up on a pack of sneaky squirrels busy over-running your digital garden with a Mirai-based distributed denial-of-service (DDoS) botnet.

Mini Summary:

A zero-day malware campaign is shotgun-riding two vulnerabilities to throw routers and video recorders into a digital tizzy, creating a DDoS botnet. It’s targeting devices still operating on their no-longer-so-secret default admin credentials while installing gnarly Mirai variants, making those devices party, unwillingly, in a botnet rave. Internet security company Akamai, playing the role of neighborhood watch, spotted this cyber hooligan in action and promptly spread the word! Moral of the story: don’t be ‘that guy’ who never changes his default passwords and may need to exorcise the router (or bring in a tech-savvy priest) if things go south!

Original Article: https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html