A new malicious botnet has emerged, capturing the attention of cybersecurity experts worldwide. Recently identified by researchers from Qi’anxin XLab, this botnet is a variant of the notorious Mirai malware. Distinctively, it targets industrial routers and smart home devices, exploiting zero-day vulnerabilities, poor configurations and weak passwords to expand its reach.
Table of Contents
- Overview of the Botnet
- Vulnerabilities Targeted
- Patterns of Attacks
- Implications for Users
- Proactive Measures and Security Strategies
Overview of the Botnet
The newly discovered botnet, named “gayfemboy”, is notable not only for its functionality but also for its offensive name. With approximately 15,000 active IP addresses under its control, it has been predominantly spotted in regions like the US, Turkey, Iran, China, and Russia. This botnet exploits numerous flaws in various devices and is rapidly expanding its reach.
One of the most alarming aspects of this botnet is that its capabilities extend well beyond those of the original Mirai. Its capacity for Distributed Denial of Service (DDoS) attacks raises significant concerns among IT security professionals, given the historical impact of such attacks on major infrastructure.
Vulnerabilities Targeted
This botnet employs a diverse array of techniques to propagate itself across networks. It leverages more than 20 distinct vulnerabilities, alongside insecure device configurations and weak passwords:
- Zero-Day Vulnerabilities: These are previously unknown vulnerabilities that have not yet been patched or documented with Common Vulnerabilities and Exposures (CVE) identifiers.
- Weak Telnet Passwords: Many devices still operate with default or easily guessable credentials, making them susceptible to unauthorized access.
- CVE-2024-12856: A critical command injection vulnerability found in Four-Faith industrial routers, rated at a high severity level of 7.2 out of 10.
The targeted devices include a variety of brands:
- ASUS routers
- Huawei routers
- Neterbit routers
- LB-Link routers
- PTZ cameras
- Kguard DVR
- Lilin DVR
- Various Generic DVRs and 5G/LTE devices
Patterns of Attacks
Since its emergence in February last year, the “gayfemboy” botnet has initiated several campaigns of DDoS attacks, exhibiting peak performance between October and November of 2024. Some key characteristics of these attacks include:
- Duration: Typically lasting between 10 and 30 seconds.
- Traffic Volume: Attacks can exceed 100 Gbps, posing significant threats even to robust infrastructures.
Targets of these attacks are global, with a concentration in countries like China, the United States, Germany, the United Kingdom, and Singapore. The distributed nature of these attacks reflects the botnet’s sophisticated design.
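The burst profile reported above (bursts of roughly 10 to 30 seconds exceeding 100 Gbps) turned into simple detection logic over per-second traffic samples. This is an added example, not code from the original article or from XLab; the sample traffic, the thresholds and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Thresholds taken from the reported attack profile (assumed values for the demo).
BURST_THRESHOLD_GBPS = 100.0
MIN_BURST_SECONDS = 10
MAX_BURST_SECONDS = 30


@dataclass
class Burst:
    start: int          # first second at or above threshold
    end: int            # last second above threshold (inclusive)
    peak_gbps: float

    @property
    def duration(self) -> int:
        return self.end - self.start + 1


def find_bursts(samples: List[Tuple[int, float]], threshold: float = BURST_THRESHOLD_GBPS) -> List[Burst]:
    """samples: (second, gbps) pairs in ascending time order. Returns contiguous runs above threshold."""
    bursts: List[Burst] = []
    cur = None
    for t, gbps in samples:
        if gbps > threshold:
            if cur is None:
                cur = Burst(t, t, gbps)
            elif t == cur.end + 1:          # still the same contiguous run
                cur.end = t
                cur.peak_gbps = max(cur.peak_gbps, gbps)
            else:                           # gap in the samples: close and start a new run
                bursts.append(cur)
                cur = Burst(t, t, gbps)
        elif cur is not None:
            bursts.append(cur)
            cur = None
    if cur is not None:
        bursts.append(cur)
    return bursts


def matches_profile(burst: Burst, lo: int = MIN_BURST_SECONDS, hi: int = MAX_BURST_SECONDS) -> bool:
    """True when the burst length falls inside the reported 10-30 s window."""
    return lo <= burst.duration <= hi


# Constructed sample: ~4 Gbps baseline, a 15 s burst at 130 Gbps from t=20, and a 2 s spike at 110 Gbps from t=60.
SAMPLE_TRAFFIC: List[Tuple[int, float]] = [(t, 4.0) for t in range(90)]
for _t in range(20, 35):
    SAMPLE_TRAFFIC[_t] = (_t, 130.0)
for _t in range(60, 62):
    SAMPLE_TRAFFIC[_t] = (_t, 110.0)


def flagged_bursts(samples: List[Tuple[int, float]] = SAMPLE_TRAFFIC) -> List[Burst]:
    """Bursts that match the reported profile; the 2 s spike is deliberately left unflagged."""
    return [b for b in find_bursts(samples) if matches_profile(b)]
```

Feed real per-second volume samples from a flow collector in place of SAMPLE_TRAFFIC to apply the same check.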
Implications for Users
For users of affected devices, the emergence of this botnet highlights critical vulnerabilities within networked technology. The widespread reliance on both industrial routers and smart home technologies necessitates a stringent approach to cybersecurity:
- Awareness: Users must stay informed about the latest vulnerabilities and the potential risks associated with their devices.
- Prompt Updates: Regularly updating firmware is essential to protect against newly discovered flaws.
- Secure Configuration: Ensuring that default passwords are changed immediately and configuring devices securely can mitigate risks significantly.
Proactive Measures and Security Strategies
Defending against sophisticated threats like the “gayfemboy” botnet requires a multi-faceted approach to security:
- Network Segmentation: Isolating critical systems from external networks to minimize exposure can be highly effective.
- Regular Security Audits: Conducting audits to identify and rectify misconfigurations should be a routine practice.
- Utilizing Strong Passwords: Implementing complex passwords and multi-factor authentication can greatly enhance security.
As this situation develops, users and organizations alike must remain vigilant. Cybersecurity defenses must evolve to meet the dynamic landscape of threats posed by advanced persistent threats such as this new botnet.
Via BleepingComputer