Introduction
Botnets are a fast and effective way for cybercriminals to introduce malware to a system. Short for bot network, botnets work by loading one computer with the virus. Then it is automatically scanned for weak points. With A.I. technology, the malware proliferates on its own. It finds holes in each protective barrier to infect a computer and let the hackers who released it in through a backdoor. Then they can find any files they want, and even be loaded with software that starts automatically infecting as many computers as they can find on the victim’s contact list, too. This is why they present such a danger.
Now a new botnet called EwDoor has been recently discovered, which has been specifically targeting AT&T devices based in the U.S.
How Do Botnets Work?
Botnots disrupt servers with mass DDOS attacks. The horde of infected computers make up the “network” that spams a server until it’s no longer able to support traffic. Linking these strings of devices together to form a horde has a serious impact on site functionality, which can lead to ransomware attacks as well.
This is particularly problematic for the internet of things, commonly abbreviated as IoT, which is a general term referring to things like your cell phone, tablet, etc. that connect online wirelessly. Given its significantly reduced security standards compared to a computer, this presents a massive opening for cybercriminals to hack into these devices.
Despite this inherent risk, IoT devices are too prolific to expect to drop off the market. Smart phones are in most people’s pockets; homes are awash with smart TVs and spare tablets. Instead, security teams simply have to prepare to meet the challenge.
AT&T Fights EwDoor
This same vulnerability is exactly what compromised over 5,700 devices as of December 2021. The EwDoor botnet compromised IP addresses, among other private information like call logs; and is capable of denial-of-service attacks after entering a backdoor. So far, it seems to be targeting the U.S.
This particular breach was due to an unpatched update which presented an opportunity for attack via blind command injection. This vulnerability, first noted in 2017, neither reports nor filters the command before execution. Thus cybercriminals can run their own commands much more easily, without detection, and the hack will likely pass unnoticed until after the attack is underway.
In this case, AT&T is actively working to mitigate the trouble and have yet to uncover any reports of illegally-accessed consumer data, according to their sources.
How to Protect Devices in the Future
To avoid situations like this, particularly given that the four-year window enabled EwDoor to evolve against the latest cybersecurity measures wrought to stop it, it’s best to keep your system updated with the latest security systems available to you. Regularly check your network’s security with penetration and vulnerability tests to make sure that it’s up-to-date in the modern threat landscape.
IoT devices are at particular risk given its relative lack of security standards. Learn more about the cyber-dangers of IoT.
Try keeping your IoT devices safer with these tips:
- Avoid public networks on your phone
- Opt for guest or private networks whenever possible
- Use a secure router, with alphanumerical passwords that are hard to crack
- Avoid using personal information in your router’s name; the less hackers know about you, the better
- Change default passwords
- Update software as soon as it’s available
IoT devices simply aren’t equipped with a lot of the safety features inherent in a computer. These daily tips can help you maintain your privacy even while you’re mobile.
Conclusion
This situation is a perfect example of why it’s so important not to fall behind on your cybersecurity training and procedures. There was a four-year window of opportunity to patch this blind command injection vulnerability and avoid the nearly 6,000 compromises they experienced. It results in financial damages and a loss of trust from customers, not to the mention the time spend trying to quell the attack before it grows. All of this has negative impacts on the business.
Don’t wait for a threat to happen. Avoid the stress and trouble by upgrading to the latest security and performing regular tests to the same end.
References
- https://www.govinfosecurity.com/recently-discovered-ewdoor-botnet-targets-us-att-devices-a-18032
- https://www.trendmicro.com/vinfo/us/security/definition/botnet
- https://thehackernews.com/2021/12/new-ewdoor-botnet-targeting-unpatched.html
- https://portswigger.net/web-security/os-command-injection
- https://www.whitehatsec.com/glossary/content/os-command-injection
- https://usa.kaspersky.com/resource-center/threats/secure-iot-devices-on-your-home-network
