DDoS botnet "Goldoon" attacks routers of a well-known brand through a decade-old vulnerability

Father

Were vulnerable businesses unable to replace their devices over such a long period of time?

Cybersecurity researchers at Fortinet recently discovered a previously unseen botnet, dubbed Goldoon, that targets D-Link routers through CVE-2015-2051, a vulnerability that has been publicly known for almost a decade. The flaw carries a CVSS score of 9.8, close to the maximum, and allows unauthenticated remote attackers to execute arbitrary commands on the device by sending specially crafted HTTP requests.

Kara Lin and Vincent Lee, researchers at Fortinet FortiGuard Labs, noted that once a device is infected, the attacker gains full control over it. That foothold lets the operators extract information from the system, establish communication with the command-and-control (C2) server, and use the compromised devices for further malicious activity, including DDoS attacks.

According to telemetry data, the surge in this botnet's activity began on April 9, 2024. The attackers exploit the vulnerability above to deliver malware builds for a range of Linux CPU architectures, after which traces of the malware's activity on the device are deleted, which makes the intrusion harder to detect.

Goldoon not only establishes persistence on infected devices, but also maintains communication with the C2 server to receive further instructions. The botnet can carry out DDoS attacks using 27 different methods across several protocols, including DNS, HTTP, ICMP, TCP, and UDP.

Looking at broader botnet trends, experts from Trend Micro point out that both criminal and state-sponsored actors are increasingly using infected routers as an anonymization layer, renting them out to other criminals or to commercial proxy providers. Routing attack traffic through such devices makes malicious activity harder to detect, because it blends in with legitimate residential and business traffic.

The researchers emphasize that Internet routers remain an attractive target for cybercriminals, since they typically receive little security monitoring and often run outdated firmware.

The news about the Goldoon botnet is a reminder of the need to keep firmware up to date and to harden network devices. And if a router in service has reached the end of its support period, its replacement should not be delayed, so that attackers have as little opportunity as possible to turn it to their own purposes.

DDoS attacks are bad, of course, though rarely fatal. Credential theft, however, which malware such as Cuttlefish is also capable of, is a very real threat to any enterprise. Such malware can not only slow down the router, but also compromise existing company accounts and steal all the valuable information they protect. That is why every organization should make protecting its network devices a priority.