- The RondoDox botnet exploits 56 vulnerabilities across 30+ internet-connected device types
- Its “exploit shotgun” approach is noisy and attracts defenders, but it goes on to compromise a variety of hardware
- Patching devices, updating firmware and isolating networks help prevent botnet infiltration
Security researchers are warning of RondoDox, a noisy new botnet targeting dozens of vulnerabilities in more than 30 devices.
Normally, cybercriminals focus on one vulnerability in a specific endpoint, either a zero-day flaw or an old, unpatched vulnerability, and try to build their botnet around it. RondoDox, however, is completely different. It currently targets 56 vulnerabilities in all sorts of hardware, and new targets are constantly being added.
Security researchers from Trend Micro call this strategy an “exploit shotgun”. It works well, but it is also loud and noisy, and it draws attention from defenders fairly quickly.
Other services intact
A botnet is a network of bots: compromised endpoints such as routers, DVRs, CCTV systems and webcams, smart home devices and other internet-connected hardware.
They are used for all sorts of criminal activities, from launching distributed denial of service (DDoS) attacks to renting out residential proxy services to other hackers.
RondoDox is a herald of things to come, CyberInsider argues. Cybercriminals are moving into “automated, modular utilization of aging infrastructure at scale,” the publication claims.
The list of vulnerable devices is quite extensive and includes heavyweights such as QNAP, D-Link, Netgear, TP-Link and Linksys.
The vulnerability list includes all sorts of flaws, from those discovered at Pwn2Own competitions to some that are years old and affect devices that are past their end-of-life (EOL) status.
Fortunately, it is easy to defend against these flaws, as most of them already have a patch. Installing the patch is therefore the way to go. Keeping firmware up to date at all times and making sure no unsupported devices remain in use is a good rule of thumb for avoiding assimilation into a malicious botnet.
Since some of the flaws do not have an assigned CVE and may be zero-days, there are other measures that companies need to take. These include segmenting the network, isolating critical data from internet-facing hardware and guest connections, and ensuring that passwords and other login credentials are unique, strong and regularly updated.
At press time, the campaign is still active.
Via BleepingComputer



