Rising dangers of BotNets
A few of the leading institutions working on cyber security and big data have announced the Cyber Threat Status Report for the second quarter of the year.
The report highlights the dangers posed both by ransomware attacks, such as WannaCry and EternalRocks, and by botnets, such as Hajime and Persirai. According to the report, WannaCry, the biggest ransomware attack in history, struck in May and affected nearly 150 countries and nearly 200 systems around the world, although it did not cause much damage in Asia. Like WannaCry, the NotPetya malware, which also uses the EternalBlue vulnerability, was one of the few ransomware attacks in the first half of this year that had devastating results. The attack spread across the globe and reached many organizations, such as Russian oil company Rosneft, Danish maritime giant Maersk and US-based pharmaceutical company Merck.
Besides WannaCry and NotPetya, botnets, which pose a great threat especially to the Internet of Things, are another important topic in the STM report. In particular, it discusses what two IoT botnets, Persirai and Hajime, are capable of. Persirai, which affected 120 thousand security cameras, infiltrates the interfaces of the cameras and provides access to personal information. Its effects have been seen in China, Japan, Europe, and North and South America. The report also points out that one of the biggest causes of such attacks is the use of predefined passwords. STM experts point out that, to prevent attacks, the predefined passwords of the devices must be replaced with strong passwords and, at the same time, the UPnP protocol on routers must be deactivated.
Besides Persirai, the mysterious Hajime is the other IoT botnet mentioned in the STM Cyber Threat Status Report. First discovered in October 2016, Hajime targets IoT devices, including DVRs and CCTV systems, that do not have a strong firewall. Hajime, which has so far added nearly 300,000 devices to its network, continues to evolve by developing new spreading techniques. Having created a giant end-to-end botnet from the devices it has acquired, Hajime secretly performs spam or DDoS attacks using these devices.
The report states that, during the research period, the malicious software spread primarily through Vietnam, Taiwan and Brazil.
The report also covers a new type of cyber attack that uses subtitle files for videos watched live on the internet. Manipulated subtitle files that lead to the capture of the user's device are described as a new type of stealth attack. The makers of most media player programs announced that they had recently released patches to prevent such exploits. In addition, users are advised to update their media player programs to the latest versions to protect themselves and reduce the risk of a potential attack.