- TBK DVRs and Four-Faith routers carry well-known, long-standing security flaws
- The flaws were used to build the Mirai botnet in the past and are now being used to build RondoDox as well
- Users are advised to patch, firewall or replace vulnerable endpoints
A new malicious botnet called RondoDox is being built right now, and it is potentially aimed at thousands of devices around the world, experts have warned.
Cybersecurity researchers from Fortinet FortiGuard Labs said they saw several vulnerabilities in different digital video recorders (DVRs) and routers being exploited to create the botnet.
The vulnerabilities in question are tracked as CVE-2024-3721 and CVE-2024-12856. They were found in TBK digital video recorders, models DVR-4104 and DVR-4216, and in Four-Faith routers, models F3x24 and F3x36, respectively.
Defending your endpoints
According to BleepingComputer, the flaws were previously exploited by the threat actors who built the notorious Mirai botnet. They are popular with cybercriminals because these devices are often deployed in retail stores, warehouses, small offices and similar places where they "often go unattended for years".
As such, these targets are easy to compromise and stay active for years without patches or updates.
Cybercriminals love to build botnets. A network of compromised devices, from routers to smart-home units, can be used for all kinds of illicit activity, from distributed denial-of-service (DDoS) attacks to hosting proxy services that can be rented out.
In fact, RondoDox appears to have been used as a stealth proxy, hiding command-and-control (C2) traffic for further malicious activity. It is also used to run layered fraud or to bolster DDoS-for-hire campaigns.
It is also fairly good at staying hidden, the researchers say, by disguising its traffic as game traffic.
“To avoid detection, the malicious traffic disguises itself by mimicking popular games and platforms such as Valve, Minecraft, Dark and Darker, Roblox, DayZ, Fortnite, GTA, as well as tools such as Discord, OpenVPN, WireGuard and RakNet,” explained Fortinet.
“In addition to game and chat protocols, RondoDox can also mimic custom traffic from tunneling and real-time communication services, including WireGuard, OpenVPN variants (e.g. OpenVPNAuth, OpenVPNCrypt, OpenVPNTCP), STUN, DTLS and RTC.”
As usual, to defend against these threats, users need to make sure their routers and DVRs are running updated firmware and have strong, custom passwords. If the devices are no longer supported by their vendors, they should be replaced by newer models. Where possible, the devices should also be disconnected from the public internet or placed behind a firewall.
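The "behind a firewall" advice is worth making concrete, because a DVR that cannot be reached from the internet cannot be exploited through its web interface, and a DVR that cannot reach the internet cannot join a DDoS or relay C2 traffic no matter how well that traffic imitates a game. The nftables ruleset below is an added example written for this article, not configuration from Fortinet, TBK or Four-Faith; the interface names (wan0, lan0, iot0), the DVR addresses, the admin workstation address and the management ports (80 for the web UI, 554 for RTSP) are all constructed assumptions that you would replace with your own.

```nft
# Added example (not from the article): gateway ruleset that isolates
# legacy DVRs/routers on a dedicated segment from the public internet.
# Assumed, constructed layout:
#   wan0  = internet-facing interface
#   lan0  = office LAN, admin workstation at 10.10.0.5
#   iot0  = isolated segment holding the DVRs (10.20.0.0/24)
table inet iot_isolation {
    set dvr_hosts {
        type ipv4_addr
        elements = { 10.20.0.11, 10.20.0.12 }   # constructed DVR addresses
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for sessions already allowed below.
        ct state established,related accept

        # Normal office hosts may still browse the internet.
        iifname "lan0" oifname "wan0" accept

        # No unsolicited inbound from the internet to any DVR: the vulnerable
        # web interface is simply unreachable from outside, patched or not.
        iifname "wan0" ip daddr @dvr_hosts counter log prefix "dvr-inbound-drop " drop

        # Only the admin workstation may open sessions to the management ports.
        iifname "lan0" ip saddr 10.10.0.5 ip daddr @dvr_hosts tcp dport { 80, 554 } accept

        # DVRs may only reach the internet for NTP. Anything else a compromised
        # unit tries (C2 relay, DDoS flood, "game" traffic) is logged and dropped,
        # so the log prefix doubles as a compromise indicator.
        iifname "iot0" oifname "wan0" udp dport 123 accept
        iifname "iot0" oifname "wan0" counter log prefix "dvr-outbound-drop " drop
    }
}
```

Load it with `nft -f` on the gateway and watch the kernel log for the `dvr-outbound-drop` prefix: a DVR that is suddenly trying to open connections to arbitrary internet hosts is the behaviour the article describes, and the egress rule both blocks it and surfaces it for investigation regardless of which protocol the traffic is dressed up as.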
Via The Hacker News