Expert Comments

CEO Perspective On Muhstik IoT Botnet Infecting Cloud Servers & Mining Crypto

Expert(s): Security Experts
Expert(s): Security Experts

Researchers with Lacework have published new findings on Muhstik, the long-active botnet currently employing several web application exploits to mine cryptocurrency and target Oracle WebLogic and Drupal. The botnet is monetized via XMRig, cgmining and with DDoS attack services. 

Lacework researchers note: “Muhstik leverages IRC for its command and control and has consistently used the same infrastructure since its inception. The primary method of propagation for IoT devices is via home routers however there are multiple attempted exploits for Linux server propagation. Targeted routers include GPON home router, DD-WRT router, and the Tomato router…  (its activities are) tied to cryptomining and Linux backdoors.

Experts Comments

November 12, 2020
Saryu Nayyar
CEO
Gurucul
Lacework\\\'s analysis of the Muhstik botnet is interesting on several levels, especially in its command and control infrastructure. Internet Relay Chat (IRC) has been largely forgotten in this day of myriad web and application based chat options, but was once the method of choice for botnet control. The Muhstik authors have gone old school here, while targeting IoT devices, cloud servers, and home routers. The fact that this botnet has remained in operation for over two years shows how hard .....Read More
Lacework\\\'s analysis of the Muhstik botnet is interesting on several levels, especially in its command and control infrastructure. Internet Relay Chat (IRC) has been largely forgotten in this day of myriad web and application based chat options, but was once the method of choice for botnet control. The Muhstik authors have gone old school here, while targeting IoT devices, cloud servers, and home routers. The fact that this botnet has remained in operation for over two years shows how hard it can be to effectively contain and eradicate these threats. Fortunately, it is relatively easy to identify and disrupt this botnet\\\'s C2 traffic. Simple firewall rules can stop traffic to identified C2 nodes, while security analytics can easily detect the behaviors associated with an infected host or the botnet\\\'s spread.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Cyberattack Risk to Royal Navy & Britain’s Merchant Fleet

Ethical Hacker Shares Insights On UC San Diego Health Data...

Expert Reaction On Apple Patch Zero-Day Vulnerability

Cybersecurity Comment: IBM Research: Cost of a Data Breach Hits...

Experts On Express MRI Notifies Patients of Data Breach

Experts On Tokyo Olympic Games: A potential Hotspot for Cybercrime

No More Ransomware’ Initiative Reduces Ransom Profits By £850m

Fake Windows 11 Installer Could Destroy PC Data

Apple Release Urgent iPhone Updates But Not For Pegasus Zero-day

MITRE Releases List of Top 25 Bugs, Experts Weigh In

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy