Satori IoT Botnet | Breaking Cybersecurity News | The Hacker News

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service (DDoS) attacks against various online service and targets. According to court documents, Kenneth Currin Schuchman , a resident of Vancouver, and his criminal associates–Aaron Sterritt and Logan Shwydiuk–created multiple DDoS botnet malware since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide. Dubbed Satori, Okiru, Masuta, and Tsunami or Fbot, all these botnets were the successors of the infamous IoT malware Mirai , as they were created mainly using the source code of Mirai, with some additional features added to make them more sophisticated and effective against evolving targets. Even after the orig...

Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of the GPON exploit in the wild. As detailed in our previous post, Gigabit-capable Passive Optical Network (GPON) routers manufacturer by South Korea-based DASAN Zhone Solutions have been found vulnerable to an authentication bypass ( CVE-2018-10561 ) and a root-RCE ( CVE-2018-10562 ) flaws that eventually allow remote attackers to take full control of the device. Shortly after the details of the vulnerabilities went public, 360 Netlab researchers warned of threat actors exploiting both the flaws to hijack and add the vulnerable routers into their botnet malware networks. Now, the researche...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

The cybersecurity threat landscape has never been more extensive and is most likely to grow exponentially in 2018. Although the original creators of Mirai DDoS botnet have already been arrested and jailed, the variants of the infamous IoT malware are still in the game due to the availability of its source code on the Internet. Security researchers have spotted a new variant of infamous Mirai IoT malware designed to hijack insecure devices that run on ARC embedded processors. Until now, Mirai and its variants have been targeting CPU architectures— including x86, ARM, Sparc, MIPS, PowerPC and Motorola 6800 —deployed in millions of Internet of Things (IoT) devices. Dubbed Okiru , the new Mirai variant, first spotted by @unixfreaxjp from MalwareMustDie team and notified by independent researcher Odisseus , is a new piece of ELF malware that targets ARC-based embedded devices running Linux operating system. " This is the FIRST TIME ever in the history of computer eng...

Although the original creators of the infamous IoT malware Mirai have already been arrested and sent to jail, the variants of the notorious botnet are still in the game due to the availability of its source code on the Internet. Hackers have widely used the infamous IoT malware to quietly amass an army of unsecured internet-of-things devices , including home and office routers, that could be used at any time by hackers to launch Internet-paralyzing DDoS attacks . Another variant of Mirai has hit once again, propagating rapidly by exploiting a zero-day vulnerability in a Huawei home router model. Dubbed Satori (also known as Okiru), the Mirai variant has been targeting Huawei's router model HG532, as Check Point security researchers said they tracked hundreds of thousands of attempts to exploit a vulnerability in the router model in the wild. Identified initially by Check Point researchers late November, Satori was found infecting more than 200,000 IP addresses in just...