Cryptocurrency-mining bot targets devices with SSH service
Target: Internet of Things (IoT) devices, and by extension any server or connected device, exposing a remote-access service to the Internet (an open Remote Desktop Protocol (RDP) port as originally reported; SSH on port 22 in the observed traffic).
Attack Vector: Connections to exposed remote-access services (RDP/SSH); the payload is a cryptocurrency miner.
Summary: A newly discovered cryptocurrency-mining bot is targeting Internet of Things (IoT) devices that have an open Remote Desktop Protocol (RDP) port. Beyond compromising the IoT device itself, the bot installs a miner that runs in the background on the compromised device. The IP address associated with the attack has been identified as 184.108.40.206, located in California, US, and attributed to the organisation Vivid Hosting. Its traffic has typically been observed landing on port 22, the SSH service, rather than RDP, which implies the attack is applicable to any server or connected device running SSH, not only IoT devices.
Risk assessment summary: This threat has been assessed as 3c MODERATE. If successful, the attacker installs a cryptocurrency miner on the device; the report also describes social engineering as a delivery method. Once the miner is running, the attackers funnel the proceeds, in Monero and Ethereum, to a scam website. The likelihood of infection is reduced by good security practices against phishing and email-delivered malware. Because the observed traffic lands on port 22, exposed SSH services should also be hardened: no password authentication or default credentials on Internet-facing SSH, and access restricted to known source addresses where possible.
Hide ‘N’ Seek IoT Botnet Gains Persistence
Target: IoT Devices
Attack Vector: Telnet connections and brute-force dictionary attacks against device credentials.
Summary: Researchers at Bitdefender have documented the first instance of an IoT botnet malware strain that gains persistence on infected devices, so that the infection survives a reboot following the initial compromise. The Hide ‘N’ Seek botnet has been under active development since it was first observed in the wild in January 2018 and now combines this reboot persistence with custom peer-to-peer (P2P) communications, which leaves no central command server to take down. If the technique is adopted more widely it could open the door to persistent, targeted attacks on IoT devices, a population estimated at some 31 billion connected devices in 2018.
Risk assessment summary: The threat is assessed as 3c MODERATE. The malware's use of the same exploit as Reaper, alongside other vulnerabilities in networked devices, makes it likely to be developed further and weaponised by threat actors, so further attacks via this vector remain a significant risk. The malware has already undergone a number of upgrades and can now move laterally over Telnet to infect further devices, gaining persistence on them under certain circumstances. The potential growth of the botnet is also a significant cause for concern: devices that keep default credentials on an exposed Telnet service stay available to the operators, and because the infection can now survive a reboot, a power cycle should no longer be relied on to clean a device. If the malware is developed and weaponised further, it could have a significant effect on IoT and networked devices.
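As an added detection example (written for this digest, not taken from Bitdefender's research or from the original reports): both entries above describe attackers arriving over a remote login service, SSH on port 22 for the mining bot and Telnet for Hide ‘N’ Seek, with Hide ‘N’ Seek spreading by dictionary attack. The script below parses syslog-style authentication failures from sshd and from login(1)/PAM (which handles Telnet logins on Linux), counts failures per source IP inside a sliding time window, and flags sources that cross a threshold. The log lines are constructed for illustration; 184.108.40.206 is the address the digest names, while 203.0.113.7 (documentation range) and 10.0.0.5 (private range) are made up. The threshold, window and the `login` process name are assumptions to adjust to the device's actual logging.

```python
"""Brute-force login detection over syslog-style auth lines (added example).

Counts failed SSH and Telnet logins per source IP within a sliding window
and flags sources that reach a threshold. Sample log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Generic syslog prefix: "Jun  5 10:15:01 host proc[pid]: message"
SYSLOG = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# sshd writes one "Failed password" line per rejected credential. Counting only
# these avoids double-counting the "Invalid user" line that precedes them.
SSH_FAIL = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
# Telnet logins on Linux go through login(1)/PAM; pam_unix logs the rejection.
# The process name "login" is an assumption for this example.
TELNET_FAIL = re.compile(
    r"pam_unix\(login:auth\): authentication failure;.*\brhost="
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+user=(?P<user>\S+)"
)


def parse_failure(line):
    """Return (timestamp, service, source_ip, user) for a failed login, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    # syslog omits the year; the parsed value is only used for ordering within a day
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
    if m["proc"] == "sshd":
        f, service = SSH_FAIL.search(m["msg"]), "ssh"
    elif m["proc"] == "login":
        f, service = TELNET_FAIL.search(m["msg"]), "telnet"
    else:
        return None
    if not f:
        return None
    return ts, service, f["ip"], f["user"]


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs that reach `threshold` failed logins inside a sliding `window`.

    Returns {ip: {"services": set, "users": set, "failures": int, "flagged": bool}}.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    report = defaultdict(
        lambda: {"services": set(), "users": set(), "failures": 0, "flagged": False}
    )
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, service, ip, user = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that have aged out
            q.popleft()
        entry = report[ip]
        entry["services"].add(service)
        entry["users"].add(user)
        entry["failures"] += 1
        if len(q) >= threshold:
            entry["flagged"] = True
    return dict(report)


def flagged_ips(report):
    """Sorted list of source IPs the report marked as brute-forcing."""
    return sorted(ip for ip, entry in report.items() if entry["flagged"])


# Constructed sample log: an SSH dictionary attack from the address named in the
# digest, a Telnet dictionary attack against a camera, one legitimate typo, and noise.
SAMPLE_LOG = """\
Jun  5 10:15:01 gw sshd[2211]: Failed password for root from 184.108.40.206 port 51234 ssh2
Jun  5 10:15:03 gw sshd[2213]: Invalid user admin from 184.108.40.206 port 51236
Jun  5 10:15:03 gw sshd[2213]: Failed password for invalid user admin from 184.108.40.206 port 51236 ssh2
Jun  5 10:15:05 gw sshd[2215]: Failed password for invalid user pi from 184.108.40.206 port 51238 ssh2
Jun  5 10:15:06 gw sshd[2217]: Failed password for root from 184.108.40.206 port 51240 ssh2
Jun  5 10:15:08 gw sshd[2219]: Failed password for invalid user ubnt from 184.108.40.206 port 51242 ssh2
Jun  5 10:15:09 gw sshd[2221]: Failed password for root from 184.108.40.206 port 51244 ssh2
Jun  5 10:16:40 gw sshd[2300]: Failed password for alice from 10.0.0.5 port 40022 ssh2
Jun  5 10:16:52 gw sshd[2300]: Accepted password for alice from 10.0.0.5 port 40022 ssh2
Jun  5 10:20:01 cam login[801]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=203.0.113.7  user=root
Jun  5 10:20:02 cam login[801]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=203.0.113.7  user=admin
Jun  5 10:20:03 cam login[801]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=203.0.113.7  user=root
Jun  5 10:20:04 cam login[801]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=203.0.113.7  user=support
Jun  5 10:20:05 cam login[801]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=203.0.113.7  user=root
Jun  5 10:21:00 gw cron[900]: (root) CMD (run-parts /etc/cron.hourly)
"""

if __name__ == "__main__":
    result = detect_bruteforce(SAMPLE_LOG.splitlines())
    for ip in flagged_ips(result):
        e = result[ip]
        print(f"{ip}: {e['failures']} failures via {sorted(e['services'])}, users {sorted(e['users'])}")
```

The sliding window matters more than the raw count: a dictionary attack produces many failures in seconds, while a user mistyping a password a few times over an afternoon never fills the window. On a real device the same logic can be fed from `journalctl -f` or the auth log, and the flagged addresses passed to a firewall rule.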