- RondoDox botnet exploits 56 vulnerabilities on more than 30 types of internet-connected devices
- Its “exploit shotgun” approach is loud, attracting defenders, but it still compromises a wide range of hardware.
- Patching devices, updating firmware, and segmenting networks help prevent botnet infiltration
Security researchers are warning about RondoDox, a noisy new botnet targeting dozens of vulnerabilities on more than 30 devices.
Usually, cybercriminals focus on a vulnerability in a specific endpoint – either a zero-day flaw or an old, unpatched vulnerability – and attempt to build their botnet around that. RondoDox, however, is completely different. It currently targets 56 vulnerabilities in all kinds of hardware, with new targets being added all the time.
Security researchers at Trend Micro call this strategy an “exploit shotgun.” It works well, but it’s also loud and draws the attention of defenders quite quickly.
Other services intact
A botnet is a network of robots: compromised endpoints such as routers, DVRs, video surveillance systems and web cameras, smart home devices, and other Internet-connected hardware.
They are used for all kinds of criminal activity, from launching distributed denial of service (DDoS) attacks to renting residential proxy services to other hackers.
RondoDox is a herald of things to come, CyberInsider argues. Cybercriminals are turning to “automated and modular exploitation of aging infrastructure on a large scale,” the publication states.
The list of vulnerable devices is quite long and includes products from major vendors such as QNAP, D-Link, Netgear, TP-Link and Linksys.
The list of vulnerabilities includes all sorts of flaws, from those demonstrated in Pwn2Own competitions to some that are several years old and affect devices that have already reached end-of-life (EoL) status.
Fortunately, defending against these vulnerabilities is easy, since most of them already have a patch. Therefore, installing the patch is the way to go. Additionally, keeping firmware up to date at all times and ensuring that no unsupported devices are running is a good rule of thumb to avoid being recruited into a malicious botnet.
Because some vulnerabilities do not have a CVE assigned and may be zero-day, organizations should take additional action. This involves segmenting the network, isolating critical data from Internet-connected hardware and guest connections, and ensuring that passwords and other login information are unique, strong, and frequently updated.
As of press time, the campaign is still active.
Via BleepingComputer