A new IoT malware was detected in October 2021 with as many as 30 exploit mechanisms coded into it. This malware, called BotenaGo, was able to seek out and attack vulnerable targets by itself without relying on any human intervention. Once it infects a device, it opens two backdoor ports, 31412 and 19412. It then uses port 19412 to listen and roll through its programmed exploit functions, executing them in sequence.
BotenaGo is an autonomous malware, which means it doesn't need any human intervention once it is released. This malware was released accidentally by its developers and could very well be a beachhead malware, i.e., malware that opens the infrastructure to another wave of devastating attacks. This was just the preview. Sectrio's Threat Research team has come across new propagation and exploit strategies that hackers are using to target IoT deployments exclusively.
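A defender's check for the two backdoor ports named above, as an added example that is not part of the original post or of any Sectrio tooling: it parses `ss -tln` style output (the sample below is constructed, not captured from a real host) and flags any listener bound to 31412 or 19412. A listener on these ports is an indicator worth investigating rather than proof of infection, since any process can bind them.

```python
"""Flag listening TCP sockets on the BotenaGo backdoor ports (31412, 19412)."""

# Backdoor ports the post attributes to BotenaGo.
BOTENAGO_PORTS = frozenset({31412, 19412})

# Constructed sample of `ss -tln` output (not from a real host). The IPv4,
# IPv6 ([::]) and loopback forms exercise the address parsing below.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096    0.0.0.0:19412        0.0.0.0:*
LISTEN  0       4096    [::]:31412           [::]:*
LISTEN  0       128     127.0.0.1:8080       0.0.0.0:*
"""


def listening_ports(ss_output: str) -> dict[int, str]:
    """Map each listening TCP port to the local address it is bound to.

    Handles IPv4 (`0.0.0.0:22`), IPv6 (`[::]:31412`) and wildcard (`*:80`)
    forms: the port is always the text after the last colon.
    """
    ports: dict[int, str] = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header, blank, or non-listening line
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            ports[int(port)] = addr
    return ports


def suspicious_listeners(ss_output: str, watch=BOTENAGO_PORTS) -> list[tuple[int, str]]:
    """Return (port, address) pairs for listeners on the watched ports, sorted by port."""
    found = listening_ports(ss_output)
    return sorted((port, found[port]) for port in found if port in watch)


if __name__ == "__main__":
    hits = suspicious_listeners(SAMPLE_SS_OUTPUT)
    for port, addr in hits:
        print(f"possible BotenaGo backdoor listener: {addr}:{port}")
    if not hits:
        print("no listeners on BotenaGo backdoor ports")
```

On a live host, feed the function the real output of `ss -tln` (or `netstat -tln`, whose `LISTEN` column sits in a different position and would need the field index adjusted).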
Gone are the days when hackers used hijacked devices only to launch attacks on selected targets. Today, in addition to DDoS attacks, hijacked devices are used by hackers for a variety of illegal purposes, including sending unsolicited SMS messages, sending traffic to sites to inflate their traffic numbers, promoting spam links, and more.
Contracted hackers work by offering two modes. In the first mode, a fixed number of hijacked bot devices are offered to prospective buyers for pre-decided uses. Availability of devices is guaranteed in this mode, with the hacker promising to add more devices to compensate for the loss of any device whose compromise is detected. In the second mode, a range of devices or a certain amount of compute power is put on the block by a hacker. The hacker doesn't care about the end use in this mode. This caters to cyber criminals who wish to scale up or ramp down their operations based on various factors.
IoT multi-loader malware now in development can increase the number of malware payloads that can be deployed and cover more exploits as well. Hackers have invested more time and money in building more potent malware in the last two years. Some of these developments were funded…