- A new botnet called Eleven11bot was spotted in the wild
- It uses weak and default credentials to compromise IoT devices
- The botnet is operated by Iranian threat actors
Cybersecurity researchers say they have discovered the “largest non-governmental botnet” in recent years.
It is named Eleven11bot, and its malware has been found on more than 86,000 Internet of Things (IoT) devices, according to several research teams, including Nokia, GreyNoise and the Shadowserver Foundation.
The botnet is most likely operated by an Iranian threat actor, GreyNoise reported. It found some 1,400 IPs operating the botnet, the majority of which are based in the Middle Eastern country. The threat actors appear to look for IoT devices with factory-default or weak credentials, and actively scan for exposed Telnet and SSH ports. Compromised devices include webcams, network video recorders (NVRs) and similar.
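From the defender's side, the default-credential guessing described above leaves a recognisable trace in SSH authentication logs. The following is an added example, not code from the article or from the research teams it cites: it flags source IPs that cycle through factory-default account names and records whether a login was later accepted. The username watchlist, the threshold and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed watchlist of factory-default account names (illustrative, not from the article).
DEFAULT_USERS = {"admin", "root", "user", "support", "guest", "ubnt"}

# Standard OpenSSH sshd password-authentication log messages.
LINE_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log lines (documentation IP ranges), not real telemetry.
SAMPLE_LOG = """\
Mar  4 10:00:01 nvr1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  4 10:00:03 nvr1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  4 10:00:05 nvr1 sshd[812]: Failed password for invalid user support from 203.0.113.7 port 40120 ssh2
Mar  4 10:00:09 nvr1 sshd[813]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Mar  4 10:02:40 nvr1 sshd[820]: Failed password for alice from 198.51.100.20 port 51822 ssh2
Mar  4 10:02:55 nvr1 sshd[821]: Accepted password for alice from 198.51.100.20 port 51830 ssh2
"""

def analyze(log_text, min_default_users=3):
    """Return {ip: finding} for sources that cycle through default account names."""
    failed_defaults = defaultdict(set)   # ip -> default usernames that failed
    compromised = {}                     # ip -> account accepted after the guessing
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            if user in DEFAULT_USERS:
                failed_defaults[ip].add(user)
        elif len(failed_defaults[ip]) >= min_default_users:
            # A login succeeded after the source tried several default names.
            compromised[ip] = user
    findings = {}
    for ip, users in failed_defaults.items():
        if len(users) >= min_default_users:
            findings[ip] = {
                "default_users_tried": sorted(users),
                "accepted_as": compromised.get(ip),
            }
    return findings

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A non-empty `accepted_as` is the case to escalate: the device accepted a password after the source had worked through default account names, so it should be treated as compromised until its credentials are changed and the exposed service is closed off.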
Exceptional size
At the same time, the Shadowserver Foundation has analyzed the spread of the malware and found that the majority of compromised endpoints are located in the United States, the United Kingdom, Mexico, Canada and Australia.
Botnets are most often used for distributed denial-of-service (DDoS) attacks, where infected devices overwhelm a target server, causing disruption.
They are also used to send massive spam campaigns and to distribute phishing emails or malware while avoiding detection. Cybercriminals use bots for credential stuffing and brute-force attacks, trying to break in using stolen credentials.
Another frequent use is click fraud, where infected machines generate fake ad clicks to inflate revenue. Botnets also enable cryptojacking, secretly mining cryptocurrency on victims' devices, slowing them down and increasing electricity costs. In addition, they are used for data theft and espionage, stealing login credentials, financial data or trade secrets.
Via BleepingComputer




