According to a blog post from IT security company Palo Alto Networks, a new variant of the IoT/Linux botnet Tsunami, which it calls Amnesia, targets an unpatched remote code execution vulnerability that was publicly disclosed over a year ago in DVR devices manufactured by TVT Digital and branded by over 70 vendors worldwide.
This vulnerability affects approximately 227,000 devices around the world, with Taiwan, the US, Israel, Turkey, and India being the most exposed. Sean Newman, Director at Corero Network Security, commented below.
Sean Newman, Director at Corero Network Security:
“Reports of another botnet variant exploiting the Internet of Things for nefarious activities, such as large-scale DDoS attacks, come as no surprise. Whilst Mirai simply exploited default credentials to gain access to devices, the reported exploitation of a specific code vulnerability, by what is being called the ‘Amnesia’ botnet, is a natural progression for attackers looking for other simple methods of compromising these typically poorly secured devices. The fact that the malware used to create this botnet has security evasion techniques built in is a stark indication of the value such botnets create for the perpetrators, showing they will put in the extra effort necessary to ensure their success. This is in contrast to the IoT vendors for whom, without regulation or public pressure, there is no motivation to put additional effort and resources into ensuring their devices are well secured and that their software is vigorously examined for potential vulnerabilities.”