EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices.
The time between a vulnerability being identified in popular software, such as VMware or F5's BIG-IP, and threat actors weaponising the flaw is getting shorter and shorter. With vulnerabilities discovered daily and security advisories issued ever more frequently, it is often difficult to know what poses a real risk versus a theoretical one. That said, ignorance is not an adequate defence. With many data breaches and ransomware infections traced back to an unpatched vulnerability in the infrastructure, it's imperative that organisations take notice and determine how damaging each threat is to their own environment.
The news that EnemyBot is being continually modified is another reminder that a vulnerability's criticality can change over time. It is like having a broken lock on a top-floor window of an apartment block: as long as no one knows the lock is broken, and there is no way to reach the window, the risk is purely theoretical. However, once threat actors know that the lock is broken and that the room behind the window is full of money, you can bet they will build something that lets them climb up and push it open. For the vulnerabilities EnemyBot now targets, the clock is not just ticking; working exploits are already in circulation. Organisations must take action to find and fix the weaponised flaws in their environment.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.