- TBK DVRs and Four-Faith routers have known, unpatched security flaws
- The flaws were exploited to build the Mirai botnet in the past, and are now being used to build RondoDox as well
- Users are advised to patch, firewall, or replace the vulnerable endpoints
A new malicious botnet, dubbed RondoDox, is currently being built, and it could target thousands of devices worldwide, experts have warned.
Cybersecurity researchers at Fortinet's FortiGuard Labs said they observed multiple vulnerabilities in digital video recorders (DVRs) and routers being exploited to assemble the botnet.
The vulnerabilities in question are tracked as CVE-2024-3721 and CVE-2024-12856. The former affects TBK digital video recorders, models DVR-4104 and DVR-4216; the latter affects Four-Faith routers, models F3x24 and F3x36.
Defend your endpoints
According to BleepingComputer, the flaws were previously exploited by the threat actors behind the infamous Mirai botnet. They are popular among cybercriminals because these devices are often deployed in retail stores, warehouses, small offices, and similar locations, where they "often go unsupervised for years."
As such, they are prime targets: easy to compromise, and left running for years without patches or updates.
Cybercriminals love building botnets. A network of compromised devices, from routers to smart home gadgets, can be used for all kinds of nefarious activity, from distributed denial-of-service (DDoS) attacks to residential proxy services that are rented out.
Indeed, RondoDox appears to be used for stealthy proxying, hiding command-and-control (C2) traffic for further malicious activity. It is also used to run layered scams, or to amplify DDoS-for-hire campaigns.
It is also quite good at staying hidden, the researchers claim, by trying to pass its traffic off as gaming traffic.
"To evade detection, it disguises malicious traffic by emulating popular games and platforms such as Valve, Minecraft, Dark and Darker, Roblox, DayZ, Fortnite, GTA, as well as tools such as Discord, OpenVPN, WireGuard, and RakNet," Fortinet explained.
"Beyond gaming and chat protocols, RondoDox can also mimic the custom traffic of tunneling and real-time communication services, including WireGuard, OpenVPN variants (for example, OpenVPNAuth, OpenVPNCrypt, OpenVPNTCP), STUN, DTLS, and RTC."
As usual, to defend against such threats, users should make sure their routers and DVRs run up-to-date firmware and use strong, unique passwords. Devices that are no longer supported by their vendors should be replaced with newer models. Where possible, devices should also be taken off the public internet or placed behind a firewall.
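The "behind a firewall" advice above, as an added example that is not part of the original article or of Fortinet's research: an nftables ruleset for a small office gateway that routes between an IoT VLAN and the rest of the network. The interface name (wan0), the DVR address (192.168.10.50), the admin workstation (192.168.1.10), the vendor update server (198.51.100.20) and the list of management ports are all assumptions chosen for illustration, not values taken from the page.

```nft
# Added example: keep a DVR's management interface off the public internet and
# let the device talk outbound only to its vendor. All addresses, the interface
# name and the port list are assumptions for illustration.
table inet iot_edge {
    set mgmt_hosts {
        type ipv4_addr
        elements = { 192.168.1.10 }    # assumed admin workstation
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections we already allowed.
        ct state established,related accept

        # Management ports on the DVR (assumed 192.168.10.50): web UI, telnet,
        # RTSP and the alternate HTTP port such devices commonly expose.
        # Only the admin workstation may reach them.
        ip daddr 192.168.10.50 tcp dport { 23, 80, 443, 554, 8080 } ip saddr @mgmt_hosts accept

        # Anything arriving from the WAN for those ports is logged and dropped,
        # so an internet-wide scanner never reaches the vulnerable service.
        iifname "wan0" ip daddr 192.168.10.50 tcp dport { 23, 80, 443, 554, 8080 } counter log prefix "iot-mgmt-blocked " drop

        # Egress allowlist: the DVR may fetch firmware from the vendor's update
        # server (assumed 198.51.100.20) over HTTPS and nothing else. A unit that
        # is compromised anyway cannot reach a C2 server or act as a proxy.
        ip saddr 192.168.10.50 ip daddr 198.51.100.20 tcp dport 443 accept
        ip saddr 192.168.10.50 counter log prefix "iot-egress-blocked " drop
    }
}
```

Load it with `nft -f iot_edge.nft` on the gateway and watch the two log prefixes; a hit on `iot-egress-blocked` from a device that should have no reason to dial out is itself a useful compromise indicator. The egress allowlist matters because the botnet disguises its C2 traffic as game and VPN protocols, so a filter that classifies traffic by protocol is easy to fool, whereas a filter that only permits known destinations is not.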
Via The Hacker News