IoT hacker builds Huawei-based botnet, enslaves 18,000 devices in one day
How long does it take to build a botnet? Not long, if you consider Anarchy's 18,000-device-strong creation, brought to life in only 24 hours. The botnet was first spotted by researchers from NewSky Security, as reported by Bleeping Computer; other security firms, including Rapid7 and Qihoo 360 Netlab, quickly jumped on the case and confirmed the existence of the new threat.
The security teams realized there had been a huge recent uptick in Huawei device scanning. The traffic surge was due to scans seeking devices vulnerable to CVE-2017-17215, a critical security flaw which can be exploited through port 37215. Scans to find routers vulnerable to the issue began on 18 July.
If a Huawei router is exploited in this fashion, attackers can send malicious packets of data, launch attacks against the device, and remotely execute code — which can be crafted in order to control, enslave, and add these devices to botnets.
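For defenders, the scan surge on port 37215 described above is visible in ordinary perimeter logs. The following is an added example, not code from the article or the researchers it cites: it counts daily hits on the port and flags sources sweeping many hosts. The log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

HUAWEI_PORT = 37215  # port the article ties to CVE-2017-17215

# Constructed, simplified iptables-style lines (sample data, not real traffic).
SAMPLE_LOG = """\
Jul 17 09:12:01 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40112 DPT=443
Jul 17 23:40:18 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=40950 DPT=37215
Jul 18 02:01:05 gw kernel: IN=eth0 SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=37215
Jul 18 02:01:05 gw kernel: IN=eth0 SRC=192.0.2.44 DST=203.0.113.11 PROTO=TCP SPT=51001 DPT=37215
Jul 18 02:01:06 gw kernel: IN=eth0 SRC=192.0.2.44 DST=203.0.113.12 PROTO=TCP SPT=51002 DPT=37215
Jul 18 02:01:06 gw kernel: IN=eth0 SRC=192.0.2.44 DST=203.0.113.13 PROTO=TCP SPT=51003 DPT=37215
Jul 18 07:15:44 gw kernel: IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41777 DPT=37215
"""

LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

def summarize(log_text, port=HUAWEI_PORT):
    """Return (hits per day, distinct destinations per source) for one port."""
    per_day = defaultdict(int)
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) != port:
            continue  # unparsable line or a different destination port
        per_day[m["day"]] += 1
        targets[m["src"]].add(m["dst"])
    return dict(per_day), {src: len(dsts) for src, dsts in targets.items()}

def flag_scanners(fanout, min_targets=3):
    """Sources that probed the port on many distinct hosts (sweep behaviour)."""
    return sorted(src for src, n in fanout.items() if n >= min_targets)

def surge_days(per_day, factor=3):
    """Days whose hit count is at least `factor` times the previous day's."""
    days = list(per_day.items())  # dict keeps log order
    return [d for (_, prev), (d, cur) in zip(days, days[1:]) if cur >= factor * prev]

if __name__ == "__main__":
    per_day, fanout = summarize(SAMPLE_LOG)
    print("hits/day:", per_day)
    print("sweeping sources:", flag_scanners(fanout))
    print("surge days:", surge_days(per_day))
```

Any inbound traffic to this port from the internet is worth blocking at the perimeter; the counts only show when and from where the probing started.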
Botnets are vast networks of enslaved devices, which can include standard PCs, routers, smartphones, and, more recently, compromised Internet of Things (IoT) devices ranging from smart lights to fridges.
For example, the LizardStresser botnet, a distributed denial-of-service (DDoS)-for-hire system, was able to launch 400Gbps attacks thanks to our vulnerable IoT devices.
After the source code was released to the public in 2015, LizardStresser botnet variants were discovered that targeted IoT products, using telnet brute-force logins against random IP addresses with a hard-coded list of user credentials.
Hard-coded credentials are a common problem with IoT products even today, and all it often takes is a simple scanner to compromise such devices.