gradient

IoT devices across the world targeted by major new botnet

Researchers from Aqua Security discover new Matrix botnetThe botnet runs IP cameras, DVRs, routers, and similarMatrix was built using off-the-shelf and open source tools

Cybersecurity researchers have spotted a new malicious botnet running distributed denial of service (DDoS) attacks against victims worldwide.

Named “Matrix” by experts at Aqua Security, the botnet was created by a lone hacker gathering up different open source and otherwise free-to-use tools to create it from scratch.

The creator scanned the internet for vulnerable Internet of Things (IoT) devices such as IP cameras, DVRs, routers, and telecom equipment – they could either have a known software flaw, or could simply have an easy-to-break password.

Script kiddie

After identifying the vulnerable endpoints, the hacker would deploy Mirai – an infamous, almost decade-old malware that was behind some of the most disruptive DDoS attacks in history. Besides Mirai, the attacker would also deploy PYbot, pynet, DiscordGo, Homo Network, and other malicious tools.

Ultimately, this led to the creation of Matrix, a widespread botnet that was later offered for other crooks as a service. The sale was being facilitated via a Telegram channel called “Kraken Autobuy”, with the attacker being paid in cryptocurrency.

Its victims are scattered all over the world – from China and Japan, to Argentina, Australia, and Brazil. Egypt, India, and the US also found themselves on the list.

However, while the threat actor seems to be of Russian origin, there is a notable absence of Ukrainian targets, as the researchers believe this is because the Matrix’s “Architect” is after money, and not political or ideological agendas.

Aqua has also made an interesting observation, calling the attacker a “script kiddie”. This is a derogatory term in the cybersecurity community, usually describing an inexperienced, or unskilled hacker. The researchers did it because the attacker used off-the-shelf solutions, rather than building custom solutions on their own.

However, they also hinted that script kiddies could become a much bigger threat in the future:

“This campaign, while not highly sophisticated, demonstrates how accessible tools and basic technical knowledge can enable individuals to execute a broad, multi-faceted attack on numerous vulnerabilities and misconfigurations in network-connected devices,” they said.

“The simplicity of these methods highlights the importance of addressing fundamental security practices, such as changing default credentials, securing administrative protocols, and applying timely firmware updates, to protect against broad, opportunistic attacks like this one.”

You might also like

Zyxel VPN security flaw targeted by new ransomware attackersHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now