The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- The APT Name Game: How Grim Threat Actors Get Goofy Monikers
February 5, 2019
What’s in a name? When it comes to advanced persistent threat groups, it is often quite a bit. While their monikers’ may seem whimsical – Fancy Bear, Nomadic Octopus, Ocean Lotus and Darkhotel – the reality is these are not arbitrary names. In fact, many are similar to schoolyard nicknames or a type of shorthand – ...
- Sophisticated new phishing campaign targets the C-suite
February 5, 2019
A new phishing campaign to steal login credentials is being launched on businesses – specifically the C-suite. Researchers at GreatHorn first discovered the campaign which targets senior executives by claiming to be from the company’s CEO. The fake email regards the rescheduling of a board meeting. By following the link from this email and users are greeted with a ...
- Over 485,000 Ubiquiti devices vulnerable to new attack
February 4, 2019
Ubiquiti Networks is working on a fix for a newly discovered security issue affecting its devices that attackers have been exploiting since July last year. The issue impacts over 485,000 devices, according to an internet scan conducted by US cyber-security firm Rapid7. Mass-exploitation attacks were first spotted last week by Jim Troutman, co-founder of internet exchange point ...
- Metro Bank targeted with 2FA-bypassing SS7 attacks
February 1, 2019
Metro Bank has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass attack after hackers infiltrated a telecoms firm’s text messaging protocol. The Signalling Systems No. 7 (SS7) protocol is used by telecom firms to coordinate how texts and calls are routed around the world. But according to Motherboard, hackers are more actively exploiting SS7, and ...
- FBI Mapping ‘Joanap Malware’ Victims to Disrupt the North Korean Botnet
January 31, 2019
The United States Department of Justice (DoJ) announced Wednesday its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra“—an Advanced Persistent Threat (APT) actors’ group often known as ...
- Prepare to Defend Your Network Against Swarm-as-a-Service
January 31, 2019
Swarm technology may be a game changer for the bad guys if organizations don’t change their tactics. The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network. This possibility, or set of possibilities, ...