An updated version of a piece of malware (a botnet, to be precise) called KmsdBot is now targeting Internet of Things (IoT) devices, simultaneously expanding its capabilities and its attack surface.
KmsdBot, a “big” comeback
“The binary now includes support for Telnet scanning and support for multiple CPU architectures,” declared Larry W. Cashdollar, security researcher at Akamai, in an analysis published this month.
The latest release, observed since July 16, 2023, comes months after it was discovered that the botnet is being offered to third parties as a DDoS-for-hire service; the fact that it is constantly updated indicates its effectiveness in real-world attacks (real world, yes, since IoT is basically home automation).
KmsdBot was first documented by the web infrastructure and security firm in November 2022. It was primarily designed to attack private game servers and cloud hosting providers, although it has since turned its attention to some Romanian government sites and Spanish educational institutions.
The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a list of passwords downloaded from an actor-controlled server. The new updates add Telnet scanning and cover more of the CPU architectures commonly found in IoT devices.
“Like the SSH scanner, the Telnet scanner calls a function that generates a random IP address,” explained Cashdollar. “So [this malware, KmsdBot] tries to connect to port 23 of that IP address. However, the Telnet scanner doesn’t stop at a simple decision of whether port 23 is listening or not listening; it checks that the receive buffer contains data.”
The attack against Telnet is accomplished by downloading a text file (telnet.txt) that contains a list of commonly used weak passwords and their combinations for a wide range of applications, mainly exploiting the fact that many IoT devices keep their default credentials.
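The scanning behaviour described above (random IP addresses, connections to SSH port 22 and Telnet port 23) leaves a recognisable trace in connection logs: one source host touching many distinct destinations on those two ports in a short time. The following is an added detection example, not code from Akamai or from this article; the log format, the sample entries, the window and the threshold are all constructed assumptions.

```python
# Added example: flag hosts whose connection pattern matches a random-IP
# SSH/Telnet scanner like KmsdBot's. Log format, sample data, window and
# threshold are constructed for illustration, not taken from the campaign.
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_PORTS = {22, 23}           # SSH and Telnet, the two services KmsdBot scans
WINDOW = timedelta(seconds=60)  # sliding time window per source host
THRESHOLD = 5                   # distinct destinations in one window -> scanner

# Constructed sample log, one connection attempt per line:
# "<ISO timestamp> <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2023-07-16T10:00:01 10.0.0.7 203.0.113.5 23
2023-07-16T10:00:02 10.0.0.7 198.51.100.77 23
2023-07-16T10:00:03 10.0.0.7 192.0.2.44 22
2023-07-16T10:00:04 10.0.0.7 203.0.113.91 23
2023-07-16T10:00:05 10.0.0.7 198.51.100.8 22
2023-07-16T10:00:06 10.0.0.7 192.0.2.130 23
2023-07-16T10:00:07 10.0.0.9 203.0.113.5 22
2023-07-16T10:00:40 10.0.0.9 203.0.113.5 22
2023-07-16T10:00:41 10.0.0.12 192.0.2.10 80
2023-07-16T10:00:42 10.0.0.12 192.0.2.11 80
2023-07-16T10:00:43 10.0.0.12 192.0.2.12 80
2023-07-16T10:00:44 10.0.0.12 192.0.2.13 80
2023-07-16T10:00:45 10.0.0.12 192.0.2.14 80
"""

def parse_line(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_scanners(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: n} for every source that reached at least `threshold`
    distinct destination IPs on SSH/Telnet ports within any `window` span.
    Repeated logins to one server (10.0.0.9) and scans of other ports
    (10.0.0.12) are deliberately not flagged."""
    events = defaultdict(list)  # src_ip -> [(timestamp, dst_ip)]
    for line in log_text.strip().splitlines():
        ts, src, dst, port = parse_line(line)
        if port in SCAN_PORTS:
            events[src].append((ts, dst))
    scanners = {}
    for src, hits in events.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window
                start += 1
            best = max(best, len({d for _, d in hits[start:end + 1]}))
        if best >= threshold:
            scanners[src] = best
    return scanners

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct SSH/Telnet targets within {WINDOW.seconds}s")
```

On real data the same logic runs over firewall or NetFlow exports of outbound connections from the home network, which is where an infected device would show up first.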
“The ongoing activities of the KmsdBot malware campaign indicate that IoT devices remain widespread and vulnerable on the Internet, making them attractive targets for building a network of infected systems,” Cashdollar said.
“Technically, the addition of telnet scanning capabilities suggests an expansion of the botnet’s attack surface, allowing it to target a wider range of devices. Furthermore, as the malware evolves and adds support for more CPU architectures, it poses an ongoing threat to the security of Internet-connected devices.”
What to do in case of a similar attack
Unlike with more common attacks, simply keeping the firmware up to date may not be enough; moreover, it is very difficult to install antivirus or anti-malware software on home automation devices.
There are essentially two possible solutions:
- have a firewall system that protects your home automation network, usually a PC that “controls” it through special programs;
- build your IoT home automation yourself, for example with a Raspberry Pi, Arduino and the like, but this can be very difficult, especially for beginners or those who have never done it.
At present there is no specific antivirus or anti-malware for issues like these, unless you use self-made software that you can fully control yourself, but very few people have such skills, so it is not something everyone can do.