Botnet 'Ballista' Targets TP-Link Routers

Unpatched Vulnerabilities Once Again Exploited in Botnet Campaign

A critical internet of things (IoT) vulnerability, first exploited in the notorious Mirai botnet attack, is being used once again in a new botnet campaign.

This vulnerability, which has yet to be patched in many devices, allows attackers to gain root access and install malware on infected devices.

The Mirai botnet, discovered in 2016, gained notoriety for its use in large-scale distributed denial of service (DDoS) attacks, including an attack on Dyn, a major internet infrastructure company, which caused widespread internet outages. The malware used in the original Mirai campaign targeted IoT devices with weak or default passwords and enslaved them into a botnet, creating a powerful network that could be controlled remotely to launch DDoS attacks.

Now, security researchers have identified a new botnet campaign exploiting the same vulnerability. This new malware, while similar in function to Mirai, has its own unique characteristics and capabilities. It is capable of infecting a wide range of IoT devices, including routers, cameras, and digital video recorders (DVRs). Once infected, the device becomes part of a botnet, which can then be used for various malicious activities, such as DDoS attacks or cryptojacking.

The vulnerability being exploited in this new campaign is a well-known issue in the security community. It is a command injection vulnerability that allows an attacker to inject and execute arbitrary commands on the device with root privileges.

Despite several patches and updates being made available, many IoT devices remain unpatched, leaving them vulnerable to exploitation. The lack of patching can be attributed to several factors, including the complexity of updating IoT devices, the reluctance of users to update due to concerns about breaking functionality, and the limited resources available for security updates in low-cost devices. Additionally, many IoT devices are designed with a "set and forget" mentality, meaning that they are installed and then left unattended, often without any further security measures implemented. This new botnet campaign serves as a reminder of the importance of securing IoT devices.

With an estimated 20 billion connected devices expected to be in use by 2023, the attack surface for cybercriminals is only set to increase. It's crucial that device manufacturers and users take proactive steps to secure these devices, including regularly updating software and implementing strong passwords.

In conclusion, a critical IoT vulnerability first exploited in the Mirai botnet attack is once again being used in a new botnet campaign. This underscores the importance of securing IoT devices and highlights the need for regular updates and strong security practices. While the full extent of this new campaign remains to be seen, it serves as a warning that unpatched vulnerabilities continue to pose a significant threat to IoT security.
