InfectedSlurs botnet recruits network devices en masse into its DDoS battalion

Lord777

Both simple routers and video surveillance devices are at risk.

According to fresh data provided by cybersecurity company Akamai, researchers recently discovered a new botnet based on the legendary Mirai malware.

The malicious infrastructure is called "InfectedSlurs". For distribution, it uses two zero-day vulnerabilities that allow it to easily infect routers and DVRs accessible from the Internet.

InfectedSlurs activity was first noticed in October 2023, although it is likely that the botnet was launched at the end of last year.

InfectedSlurs exploits Remote Code Execution (RCE) vulnerabilities, making infected devices part of its network for DDoS attacks, presumably for profit.

Akamai reports that manufacturers of affected devices have not yet released patches to address these vulnerabilities, which is why owners of vulnerable equipment cannot even fully protect themselves from this threat.

An analysis of InfectedSlurs showed that the hackers' attacks were aimed at NVR video recorders of a certain manufacturer, whose name is not disclosed for security reasons. InfectedSlurs uses the same principle to attack unnamed WLAN routers that are popular both among home users and in the hotel business.

It is known for certain that "InfectedSlurs" is a variation of Mirai JenX. Its C2 infrastructure supports hailBot operations, and an analysis conducted by experts showed a connection between the botnet and the attackers' Telegram account, which had already been deleted at the time the report was written.

Since patches for vulnerable devices have not yet been released, experts recommend regularly rebooting vulnerable NVR recorders and routers to temporarily interrupt the botnet's activity. However, since Akamai did not disclose specific vulnerable brands and models, this action may be meaningless for 99% of users of such equipment.

However, if you have devices of this type in your arsenal, it will not be superfluous to monitor the release of new software versions in the coming weeks and install them as soon as possible. It may turn out that it is your hardware that is vulnerable to hacker attacks.
 