A new report out today from Fortinet Inc.’s FortiGuard Labs details the activities of two different botnets observed through October and November that are being spread through vulnerabilities in D-Link Systems Inc. devices.
The botnets and their related malware — one a Mirai botnet variant dubbed “FICORA” and the other a Kaiten botnet variant dubbed “CAPSAICIN” — leverage vulnerabilities in legacy D-Link devices, specifically exploiting the Home Network Administration Protocol interface to execute malicious commands remotely. The vulnerabilities used to compromise the devices were first exposed nearly a decade ago and remain a persistent threat thanks to their widespread exploitation and the continued use of unpatched systems.
FICORA was found to use a sophisticated downloader script capable of targeting multiple Linux architectures. The malware spreads by brute-forcing credentials and launches distributed denial-of-service attacks using protocols such as UDP, TCP and DNS. It was also found to use the ChaCha20 encryption algorithm to obfuscate its configuration, including its command-and-control server details.
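The ChaCha20-obfuscated configuration is the part of FICORA an analyst most wants to get at, because the decrypted blob carries the command-and-control indicators to block and hunt for. The following is an added example, not FortiGuard's code or anything recovered from the sample: a dependency-free RFC 8439 ChaCha20 used the way a config extractor would use it once the key and nonce have been pulled from a binary. The key, nonce, "k=v" config layout and the C2 value are all constructed for the demo; nothing here reflects FICORA's real format.

```python
"""Added example (not FortiGuard's code): decrypt a ChaCha20-obfuscated
malware configuration once key and nonce are known, then pull out the
C2 indicator. ChaCha20 follows RFC 8439; the sample key, nonce, config
layout and C2 address are constructed for this demo."""
import struct

MASK32 = 0xFFFFFFFF


def _rotl32(v, c):
    return ((v << c) & MASK32) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    """RFC 8439 section 2.1 quarter round, in place on the 16-word state."""
    s[a] = (s[a] + s[b]) & MASK32; s[d] ^= s[a]; s[d] = _rotl32(s[d], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] ^= s[c]; s[b] = _rotl32(s[b], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] ^= s[a]; s[d] = _rotl32(s[d], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] ^= s[c]; s[b] = _rotl32(s[b], 7)


def _chacha20_block(key, counter, nonce):
    """One 64-byte keystream block for a 32-byte key and 12-byte nonce."""
    state = (list(struct.unpack("<4I", b"expand 32-byte k"))
             + list(struct.unpack("<8I", key))
             + [counter & MASK32]
             + list(struct.unpack("<3I", nonce)))
    w = state[:]
    for _ in range(10):                      # 20 rounds = 10 double rounds
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(a + b) & MASK32 for a, b in zip(w, state)])


def chacha20_xor(key, nonce, data, counter=1):
    """XOR data with the ChaCha20 keystream; encryption and decryption are the same op."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = _chacha20_block(key, counter + off // 64, nonce)
        out.extend(x ^ k for x, k in zip(data[off:off + 64], ks))
    return bytes(out)


def decrypt_config(blob, key, nonce):
    """Decrypt a config blob and parse it as 'key=value' lines (constructed layout)."""
    plain = chacha20_xor(key, nonce, blob)
    cfg = {}
    for line in plain.decode("utf-8", errors="replace").splitlines():
        if "=" in line:
            k, v = line.split("=", 1)
            cfg[k.strip()] = v.strip()
    return cfg


# Constructed sample: a key/nonce an analyst might have recovered from a
# binary, and a config blob encrypted with them so the demo runs offline.
# 198.51.100.7 is a documentation address, not a real C2.
SAMPLE_KEY = bytes(range(32))
SAMPLE_NONCE = bytes.fromhex("000000000000004a00000000")
SAMPLE_CONFIG = b"c2=198.51.100.7:6667\nattack=udp,tcp,dns\n"
SAMPLE_BLOB = chacha20_xor(SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_CONFIG)


def rfc8439_self_check():
    """Known-answer check against RFC 8439 section 2.4.2 (first 16 ciphertext bytes)."""
    pt = (b"Ladies and Gentlemen of the class of '99: If I could offer you "
          b"only one tip for the future, sunscreen would be it.")
    ct = chacha20_xor(SAMPLE_KEY, SAMPLE_NONCE, pt, counter=1)
    return ct[:16] == bytes.fromhex("6e2e359a2568f98041ba0728dd0d6981")


if __name__ == "__main__":
    assert rfc8439_self_check(), "ChaCha20 implementation mismatch"
    cfg = decrypt_config(SAMPLE_BLOB, SAMPLE_KEY, SAMPLE_NONCE)
    print("recovered C2:", cfg["c2"])
    print("attack modes:", cfg["attack"])
```

Because ChaCha20 is a stream cipher, the same function both encrypts and decrypts, so a wrong key or nonce does not raise an error; it silently yields garbage. Validating the implementation against the RFC test vector first, as `rfc8439_self_check` does, separates "my cipher is wrong" from "the recovered key is wrong" when a decrypted config does not parse.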
The second botnet, CAPSAICIN, was found by the FortiGuard Labs researchers to focus on rapid deployment, with its activity peaking in late October. The malware uses hardcoded commands to establish control over victim systems before sending critical operating system information back to its command-and-control server.
Interestingly, CAPSAICIN was also found to terminate competing botnet processes to maintain exclusivity on infected devices, taking the idea of there being no honor among thieves, or in this case, threat actors, to a new level.
The report notes that both botnets demonstrate the danger posed by outdated network hardware. In the case of the D-Link devices targeted, patches have been available for the exploited vulnerabilities for years, but the widespread reliance on older, often unpatched devices creates an avenue for attackers to deploy malware at scale.
To counter the risks presented by older hardware, the advice from the researchers is not surprising: “It is crucial for every enterprise to regularly update the kernel of their devices and maintain comprehensive monitoring,” the researchers write.