- The RondoDox botnet exploits 56 vulnerabilities in more than 30 types of Internet-connected devices
- Its "exploitation shotgun" approach is loud and attracts defenders, but it compromises a wide range of devices
- Patching devices, updating firmware and segmenting networks help keep hardware out of the botnet
Security researchers are warning about RondoDox, a loud new botnet that targets dozens of vulnerabilities across more than 30 device types.
Typically, cybercriminals focus on a single vulnerability in a specific type of endpoint, whether a zero-day or an old, unpatched flaw, and build their botnet around it. RondoDox takes a different approach: it currently attacks 56 vulnerabilities across many types of hardware, and new targets are constantly being added.
Security researchers at Trend Micro call this strategy an "exploitation shotgun." It works, but it is also loud and draws defenders' attention fairly quickly.
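What that noise looks like from a single target's web server, as an added example that is not from the article or from Trend Micro's research: a "shotgun" source fires device-specific requests at every host it finds, and any one host serves almost none of those paths, so the tell is one client hitting many distinct non-existent paths in a short window. The detector below parses combined-format access logs and flags such sources. The log lines and paths are constructed placeholders, not the endpoints RondoDox actually requests, and the window and thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (not real traffic). The paths are
# placeholders, not RondoDox's real targets. 203.0.113.7 sprays six different
# vendor-specific paths in six seconds and gets 404 for all of them; 198.51.100.4
# is an ordinary client fetching pages that mostly exist.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2025:12:00:01 +0000] "POST /vendor-a/setup.cgi HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:02 +0000] "GET /vendor-b/cgi-bin/login?cmd=id HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:03 +0000] "POST /vendor-c/api/system HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:04 +0000] "GET /vendor-d/export.cgi HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:05 +0000] "POST /vendor-e/admin HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:06 +0000] "GET /vendor-f/shell HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2025:12:00:07 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2025:12:00:10 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2025:12:00:11 +0000] "GET /static/app.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2025:12:00:12 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2025:12:30:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line (method + path) and status code from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format line into (ip, timestamp, path, status), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # drop the query string when counting distinct paths
    return m.group("ip"), ts, path, int(m.group("status"))


def find_spray_sources(log_text, window=timedelta(minutes=5), min_distinct_404=5, min_404_ratio=0.75):
    """Return {ip: stats} for every source that, within some `window`, requested at least
    `min_distinct_404` distinct paths that do not exist here, with 404s making up at least
    `min_404_ratio` of its requests in that window. Thresholds are assumed defaults."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, ts, path, status = parsed
            events[ip].append((ts, path, status))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best = None
        # Slide a window that starts at each request in turn and score what falls inside it.
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            missing = {p for _, p, s in in_window if s == 404}
            ratio = sum(1 for e in in_window if e[2] == 404) / len(in_window)
            if len(missing) >= min_distinct_404 and ratio >= min_404_ratio:
                stats = {
                    "window_start": start,
                    "requests": len(in_window),
                    "distinct_404_paths": len(missing),
                    "not_found_ratio": round(ratio, 2),
                }
                if best is None or stats["distinct_404_paths"] > best["distinct_404_paths"]:
                    best = stats
        if best:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, stats in find_spray_sources(SAMPLE_LOG).items():
        print(f"{ip}: {stats['distinct_404_paths']} distinct missing paths in "
              f"{stats['requests']} requests from {stats['window_start']:%H:%M:%S}")
```

Counting distinct 404 paths rather than raw 404s keeps a broken link that a browser retries from tripping the rule, and the ratio check keeps a legitimate crawler that mostly finds real pages below the threshold. On a device that actually exposes one of the probed endpoints the relevant request would return 200 instead, so this rule is an early-warning signal for the spray itself, not proof that an exploit succeeded.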
Other services intact
A botnet is a network of bots: compromised endpoints such as routers, DVRs, CCTV and webcam systems, smart home devices, and other hardware connected to the Internet.
They are used for all types of criminal activities, from launching distributed denial of service (DDoS) attacks to renting residential proxy services to other hackers.
RondoDox is a herald of things to come, CyberInsider argues. Cybercriminals are moving toward “modular, automated exploitation of aging infrastructure at scale,” the publication states.
The list of affected vendors is extensive and includes heavyweights such as QNAP, D-Link, Netgear, TP-Link and Linksys.
The list of vulnerabilities covers all kinds of flaws, from ones demonstrated at Pwn2Own competitions to bugs that are years old in devices that have already reached end-of-life (EoL).
For most of these bugs the defense is straightforward, since a patch is already available: install it. Keeping firmware up to date and not running unsupported devices are good rules of thumb for staying out of a botnet, with the caveat that an EoL device will never receive a fix, so the only options there are replacement or isolation from the Internet.
Since some of the flaws have no CVE assigned and may be zero-days, patching alone is not enough. Companies should also segment the network, isolate critical data from Internet-connected hardware and guest connections, and ensure that passwords and other login credentials are unique, strong, and updated regularly.
At the time of writing, the campaign is still active.
Via BleepingComputer