Expert Comments

CEO Perspective On Muhstik IoT Botnet Infecting Cloud Servers & Mining Crypto

Expert(s): Security Experts
Expert(s): Security Experts

Researchers with Lacework have published new findings on Muhstik, the long-active botnet currently employing several web application exploits to mine cryptocurrency and target Oracle WebLogic and Drupal. The botnet is monetized via XMRig, cgmining and with DDoS attack services. 

Lacework researchers note: “Muhstik leverages IRC for its command and control and has consistently used the same infrastructure since its inception. The primary method of propagation for IoT devices is via home routers however there are multiple attempted exploits for Linux server propagation. Targeted routers include GPON home router, DD-WRT router, and the Tomato router…  (its activities are) tied to cryptomining and Linux backdoors.

Experts Comments

Dot Your Expert Comments
Saryu Nayyar
November 12, 2020
CEO
Gurucul

Internet Relay Chat (IRC) has been largely forgotten in this day of myriad web and application based chat options.
Lacework\\\'s analysis of the Muhstik botnet is interesting on several levels, especially in its command and control infrastructure. Internet Relay Chat (IRC) has been largely forgotten in this day of myriad web and application based chat options, but was once the method of choice for botnet control. The Muhstik authors have gone old school here, while targeting IoT devices, cloud servers, and home routers. The fact that this botnet has remained in operation for over two years shows how hard .....Read More
Lacework\\\'s analysis of the Muhstik botnet is interesting on several levels, especially in its command and control infrastructure. Internet Relay Chat (IRC) has been largely forgotten in this day of myriad web and application based chat options, but was once the method of choice for botnet control. The Muhstik authors have gone old school here, while targeting IoT devices, cloud servers, and home routers. The fact that this botnet has remained in operation for over two years shows how hard it can be to effectively contain and eradicate these threats. Fortunately, it is relatively easy to identify and disrupt this botnet\\\'s C2 traffic. Simple firewall rules can stop traffic to identified C2 nodes, while security analytics can easily detect the behaviors associated with an infected host or the botnet\\\'s spread.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...