The security concerns and attacks related to IoT devices and applications are not going to end anytime soon. With the rising number of interconnected devices, the IoT attacks will simply increase also. One such major IoT attack was observed by the researchers from NewSky Security.
An IoT hacker by the name “Anarchy” has been successful in developing a massive botnet that in one day enslaved around 18,000 vulnerable devices present on Huawei routers. The security teams at NewSky Security observed that there was a recent massive issue in the overall scanning of the Huawei-based devices. There was a sudden traffic surge in the Huawei routers connected to the devices of the users. The sudden rise in traffic was due to rapid scans that were searching for devices vulnerable to CVE-2017-17215 a major security flaw that could be exploited through port 37215.
The issue related to the concurrent scans for finding the vulnerable devices and routers started on July 18th. The well-known security exploit had been utilized earlier by two variations of the Satori botnet along with other Mirai variants.
In the fashion of botnet exploitations, the hackers send malicious codes or packets of data to launch the cyber attack against vulnerable devices and remotely executing code. This security attack could be implemented to control, enslave, or add other vulnerable devices to these particular botnets.
Botnets are vast networks of enslaved devices including standard PCs, smartphones, and routers. Most recently, botnets enslaved IoT devices ranging from refrigerators to smart lights.
In the given case of the development of a Huawei-based botnet, the cyber attacker made use of the previous CVE-2017-17215 flaw to compromise over 18,000 devices connected to the Huawei routers. The hacker was successful in revealing a list of the IP victims to the researchers of the attack; however, the list has not been yet made public.
The malicious code that was aimed at compromising the Huawei routers had been released to the public in January 2018. The code was previously utilized in Brickerbot, Satori, and the infamous Mirai botnets as well.
While the motive of the exploitation or the given cyber attack has not been yet made clear, the hacker, Anarchy, revealed to the researchers that the team wished to develop the worst and largest botnet ever made. The researchers believe that Anarchy might be the same hacker who was also known by the name “Wicked” linked to the exploitation of the IoT devices through the development of Sora and Owari botnets.
This story might not be yet over. The creators of the botnets might intend to start another significant cyber attack project soon enough.