Mirai Botnets Exploit Flaw in Wazuh Security Platform
The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs.
Stay informed on botnet trends, attacks, and defenses. Get the latest updates and expert insights on botnet threats in information security.
Search across headline titles and summaries.
Background for this topic.
A botnet is a network of compromised internet-connected devices controlled remotely by an attacker through malware. These devices, known as bots, receive commands from centralized or decentralized command-and-control (C2) servers to perform coordinated actions such as launching Distributed Denial of Service (DDoS) attacks, sending spam, or distributing additional malware. Botnets vary in size and complexity, often leveraging vulnerabilities in devices or weak authentication to propagate.
In information security, botnets pose significant risks including large-scale service disruptions from DDoS attacks and the unauthorized use of infected devices for malicious activities. Detecting botnet activity involves monitoring network traffic for unusual patterns and identifying communication with known C2 infrastructure. Effective defense includes timely patching of vulnerable systems, blocking C2 domains or IPs based on threat intelligence, and isolating infected hosts to prevent further spread or damage. Coordinated efforts to disrupt botnet infrastructure can reduce their operational impact.
The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs.
The botnet’s still alive and evolving Badbox 2.0, the botnet that infected millions of smart TV boxes and connected devices before private security researchers and law enforcement partially disrupted its infrastructure, is readying for a third round of fraud and digital attacks, according to one of the threat hunters who uncovered the original scheme.…
The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too Cybercriminals are trying to spread multiple Mirai variants by exploiting a critical Wazuh vulnerability, researchers say – the first reported active attacks since the code execution bug was disclosed.…
A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 DevicesA Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in April 2024.
A now-patched critical security flaw in the Wazur Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct distributed denial-of-service (DDoS) attacks
The FBI says mainly Chinese-made IoT devices pose a threat from Badbox 2.0 malware
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. [...]