Hacker group Matrix uses a large IoT botnet for DDoS attacks

marry 27.11.2024, 08:30 AM

Researchers at Aqua Nautilus warn of DDoS attacks by a Russian hacker or hacking group known as Matrix, which exploits vulnerabilities and misconfigurations in IoT (Internet of Things) devices to enrol them in a botnet.

Researchers say Matrix targets a large network of Internet-connected devices, including IoT devices, cameras, routers, DVRs and enterprise systems.

Matrix uses a variety of techniques, but primarily relies on brute force attacks, exploiting weak default passwords and misconfigurations to gain initial access.

Compromised devices are embedded in the botnet. Matrix also uses various publicly available scripts and tools to scan vulnerable systems, deploy malware, and execute attacks.
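The initial-access method described above (password brute forcing against exposed management services) leaves a recognisable trace in device authentication logs: a burst of failed logins from one source, sometimes followed by a success. The following detection script is an added example written for this article, not code from Aqua Nautilus or from the campaign; the log lines, hostname and IP addresses (documentation ranges) are constructed, and the threshold and window values are assumptions to tune per environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in syslog/sshd format (not real telemetry).
SAMPLE_LOG = """\
Nov 27 08:30:01 iot-gw sshd[2310]: Failed password for root from 203.0.113.5 port 51234 ssh2
Nov 27 08:30:02 iot-gw sshd[2311]: Failed password for admin from 203.0.113.5 port 51235 ssh2
Nov 27 08:30:03 iot-gw sshd[2312]: Failed password for admin from 203.0.113.5 port 51236 ssh2
Nov 27 08:30:04 iot-gw sshd[2313]: Failed password for root from 203.0.113.5 port 51237 ssh2
Nov 27 08:30:05 iot-gw sshd[2314]: Failed password for root from 203.0.113.5 port 51238 ssh2
Nov 27 08:30:06 iot-gw sshd[2315]: Accepted password for root from 203.0.113.5 port 51239 ssh2
Nov 27 08:31:10 iot-gw sshd[2320]: Failed password for operator from 198.51.100.9 port 40001 ssh2
Nov 27 08:45:00 iot-gw sshd[2330]: Accepted publickey for operator from 198.51.100.9 port 40002 ssh2
"""

# Matches the "Failed/Accepted <method> for <user> from <ip> port <n>" sshd message shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd log line into a dict, or return None if it is not an auth event.
    Syslog timestamps carry no year, so the year is supplied by the caller (assumed 2024)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Sliding-window brute-force detector.

    Raises a "bruteforce" alert the first time a source IP accumulates `threshold`
    failed logins within `window_seconds`, and a "success_after_bruteforce" alert for
    any later successful login from that same source (a likely compromised device).
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            # Drop failures that fell out of the window.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"type": "bruteforce", "ip": ip, "ts": ts, "user": None})
        elif ip in flagged:
            alerts.append({"type": "success_after_bruteforce", "ip": ip, "ts": ts,
                           "user": ev["user"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample above the detector flags 203.0.113.5 after its fifth failure and then raises a second alert for the accepted `root` login that follows it; the single failure from 198.51.100.9 stays below the threshold. In practice the same logic is applied to telnet or web-console logs from routers, cameras and DVRs, and a "success after burst" alert is the signal that warrants isolating the device and resetting its credentials.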

Although it is likely a Russian hacker or hacker group, the fact that there are no Ukrainian targets among the victims indicates that the primary focus is on financial gain rather than political goals. The attacks were primarily aimed at IP addresses located in China, Japan and to a lesser extent in Argentina, Australia, Brazil, Egypt, India and the USA.

Matrix uses a Telegram bot, Kraken Autobuy, to advertise its DDoS attack services, and customers pay for them in cryptocurrency.

Matrix uses a combination of recently discovered and older vulnerabilities, including CVE-2014-8361, CVE-2017-17215, CVE-2018-10562, CVE-2022-30525, CVE-2024-27348, CVE-2018-10561, CVE-2018-9995, CVE-2017-18368 and CVE-2017-17106. These vulnerabilities, combined with the widespread use of weak passwords, create significant opportunities for attack. Most attacks (about 95%) take place on weekdays.

The potential impact of this campaign is significant, with millions of internet-connected devices potentially vulnerable to exploitation. “Nearly 35 million devices are vulnerable,” the researchers warn.

“This campaign, while not highly sophisticated, demonstrates how affordable tools and basic technical knowledge can enable individuals to launch a broad, multifaceted attack against numerous vulnerabilities and misconfigurations in network-connected devices,” the report said.

Photo: chivozol | Pexels

Source: www.informacija.rs