Flax Typhoon

260,000 devices: Huge botnet uncovered

Botnet

Various cyber security agencies and authorities such as the FBI, the Cyber National Mission Force (CNMF), the NSA and the NCSC have uncovered a botnet with more than 260,000 devices worldwide.

In a report, they show, among other things, that after the USA and Vietnam, most of the devices come from Germany (18,900). It is attributed to the Chinese group Flax Typhoon, also known as RedJuliett and Ethereal Panda, who are said to have used it for espionage purposes. The botnet uses the Mirai malware family, whose source code was released in 2016 and has since been used to take over IoT devices such as webcams, DVRs, IP cameras and routers running Linux-based operating systems. Since 2016, various Mirai botnets have been used repeatedly to carry out DDoS attacks and other criminal activities.

Ad

Antoinette Hodes, Global Solutions Architect & Security Evangelist at Check Point Software comments:

“We are entering an era in which IoT devices such as routers and webcams are used as weapons in international cyber conflicts on a daily basis. We still need to implement the lessons learned from the Mirai botnet uncovered in 2020. Unfortunately, Mirai is still active and continues to cause damage. Other examples such as the discovery of the RSOCK proxy botnet or the recently published security vulnerabilities in the Ubiquity G4 instant security cameras illustrate the threat situation. The authorities’ warning about the campaign originating from China shows that state-backed actors are actively exploiting these vulnerabilities to infiltrate global and critical networks. China-driven campaigns are rewriting the rules of the game. No one is talking about the scale and greater risks. The malicious actors behind the botnet posed as experts from an information security group called Integrity Technology Group, allowing them to fly under the radar for an extended period of time. They were able to obtain valuable information and potentially gain access to critical infrastructure, government agencies, companies and universities. The incident highlights the need for preventative security controls for IoT devices. These should follow a zero-tolerance approach to secure the entire supply chain.”

The following measures help to prevent your own devices from becoming part of a botnet:

Ad
  • Purchasing IoT devices from reputable brands that take security by design seriously and prioritize IT security and implement security measures in the devices before market launch.
  • Application of guidelines for the complexity of passwords and the activation of multi-factor authentication (MFA).
  • Ensure that the connected devices are constantly updated with the latest software and that a solid device status is maintained.
  • Enforce Zero Trust network access profiles for connected devices.
  • Separation and segmentation of networks for IT and IoT.

Last year, security researchers from Check Point Research had already identified an increase in IoT-based attacks. In the first two months of 2023, the average number of weekly attacks on IoT devices per company increased by 41 percent compared to 2022. On average, 54 percent of companies were affected by attempted cyberattacks on IoT devices every week. Even then, European companies were the most targeted by attacks on IoT devices, followed by those from Asia and Latin America.

(lb/checkpoint)

Ad

Weitere Artikel