AT&T Alien Labs™ researchers discover new malware “targeting millions of routers and IoT devices with more than 30 exploits.” The malware, dubbed BotenaGo, contains 30+ exploits designed to infect millions of routers and IoT devices. BotenaGo was written in Golang (aka Go), an open-source language designed by Google in 2007. As of publication, BotenaGo has a low antivirus (AV) detection rate, with only 6/62 known AVs seen in VirusTotal flagging the malware as malicious.
Targeted devices include a wide variety of routers, modems, and NAS devices from multiple vendor lines, including: DrayTek, D-Link, NetGear, GPON, Linksys, XiongMai, Comtrend, Guangzhou, TOTOLINK, Tenda, ZyXEL (NAS) and ZTE.
<p>The malware, BotenaGo, is an unfortunate example of why enterprises must be practicing zero trust in their environments. BotenaGo has 30+ different exploits and to this date is only recognized by 6/26 anti-virus solutions according to VirusTotal – the standard efficacy metric on the AV solutions. Zero Day hacks like BotenaGo test the readiness and completeness of our security programs. Hacks tend to follow the #KillChain of penetration, lateral movement, privilege escalation and persistence. It is key to identify the malicious behaviors regardless of whether our defenses like AV do. Checking for identity changes in privilege modifications and new accounts is a good way to identify malicious activities.</p>
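The comment above recommends watching for new accounts and privilege modifications rather than relying on AV alone. The following is an added example, not code from the article or from any of the quoted commentators: a small Python scanner that reads constructed Linux auth.log-style lines (the hostnames, user names and timestamps are made up) and raises alerts for account creation, addition to a privileged group, sudoers edits and root password changes. It also correlates a freshly created account with a subsequent privileged-group add, which is the pattern a defender would most want surfaced. The message formats matched by the regexes are assumptions based on common useradd/usermod/sudo/passwd output and should be adjusted per distribution.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample log, in the style of a Linux /var/log/auth.log.
# Hosts, users and times are invented for this example.
SAMPLE_AUTH_LOG = """\
Nov 12 03:14:07 gw01 sshd[2210]: Accepted password for admin from 10.0.0.5 port 51022 ssh2
Nov 12 03:14:21 gw01 useradd[2231]: new user: name=svc_backup, UID=1003, GID=1003, home=/home/svc_backup, shell=/bin/bash
Nov 12 03:14:25 gw01 usermod[2240]: add 'svc_backup' to group 'sudo'
Nov 12 03:14:30 gw01 sudo:    admin : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/visudo
Nov 12 03:15:02 gw01 CRON[2255]: pam_unix(cron:session): session opened for user root by (uid=0)
Nov 12 03:16:40 gw01 passwd[2270]: pam_unix(passwd:chauthtok): password changed for root
"""

# Groups whose membership grants administrative rights (assumed list; extend per estate).
PRIVILEGED_GROUPS = {"sudo", "wheel", "admin", "root"}


@dataclass(frozen=True)
class Alert:
    kind: str      # category of identity change
    subject: str   # account (or account->group) involved
    line: str      # raw log line that produced the alert


# Assumed message formats for the events of interest; tune to the local syslog layout.
NEW_USER_RE = re.compile(r"useradd\[\d+\]: new user: name=([^,]+),")
GROUP_ADD_RE = re.compile(r"usermod\[\d+\]: add '([^']+)' to group '([^']+)'")
SUDOERS_RE = re.compile(r"sudo:\s+(\S+) : .*COMMAND=(\S*(?:visudo|sudoers)\S*)")
ROOT_PW_RE = re.compile(r"passwd\[\d+\]: .*password changed for root")


def scan_auth_log(text: str) -> list[Alert]:
    """Return one Alert per identity-change event found in the log text."""
    alerts: list[Alert] = []
    for line in text.splitlines():
        if m := NEW_USER_RE.search(line):
            alerts.append(Alert("new_account", m.group(1), line))
        elif m := GROUP_ADD_RE.search(line):
            user, group = m.groups()
            if group in PRIVILEGED_GROUPS:
                alerts.append(Alert("privileged_group_add", f"{user}->{group}", line))
        elif m := SUDOERS_RE.search(line):
            # Editing the sudoers policy is a privilege modification in itself.
            alerts.append(Alert("sudoers_edit", m.group(1), line))
        elif ROOT_PW_RE.search(line):
            alerts.append(Alert("root_password_change", "root", line))
    return alerts


def escalated_new_accounts(alerts: list[Alert]) -> list[str]:
    """Accounts that were created and then added to a privileged group in the same log."""
    created = {a.subject for a in alerts if a.kind == "new_account"}
    return sorted(
        a.subject.split("->")[0]
        for a in alerts
        if a.kind == "privileged_group_add" and a.subject.split("->")[0] in created
    )


if __name__ == "__main__":
    found = scan_auth_log(SAMPLE_AUTH_LOG)
    for a in found:
        print(f"[{a.kind}] {a.subject}: {a.line}")
    print("new accounts immediately elevated:", escalated_new_accounts(found))
```

Run against a real auth.log the same functions apply unchanged; the value of the correlation step is that a single "new user" line is routine on many hosts, while a new account that is elevated within the same window is the kind of identity change the comment above singles out.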
<p>BotenaGo is a sophisticated piece of malware and indicative of the evolution in detection evasion techniques, with just a fraction of AV vendors flagging it. It is promising to hear that researchers have proactively identified this. Cyber professionals are critical in the fight against the persistent threat of evolving malware. As we can see, relying on AV solutions alone is not sufficient. Investing in a cyber team is critical to building defenses that are nimble and agile enough to go off-script when hackers change tack. We have the tools and technology to find this talent regardless of background or experience. We need to continue to invest in the next generation of cyber professionals to ensure we remain in front of threats like BotenaGo.</p>
<p>Yet again we see attack vectors on non-computer devices that can be just as harmful as going after servers and individual systems. AT&T Alien Labs researchers have discovered a malware dubbed BotenaGo, written in Golang and using a suite of malicious code to go after a wide variety of different routers, modems, and network storage devices. The result of a successful attack is the ability to remotely execute network shell commands to take over devices and disrupt operations.</p>
<p>It’s not clear how the BotenaGo malware communicates with the attackers, so this remains an active threat. But it does illustrate that there is nothing special about non-computer devices in the world of cybersecurity. Today it is just as possible to attack IoT and network devices as it is to attack computers. Enterprise cybersecurity teams need to be aware that they can be compromised in many different ways in order to watch for suspicious activity.</p>