Public Release Of Malware Code Behind Satori Botnet

By ISBuzz Team, Writer, Information Security Buzz | Jan 05, 2018 10:30 am PST

More DDoS attacks could be on the way after hackers made public the code behind the Satori botnet. The Satori botnet exploits a zero-day vulnerability in a Huawei router model. Julian Palmer, VP of Engineering at Corero, commented below.

Julian Palmer, VP of Engineering at Corero:

“IoTs, including IoT routers, are vulnerable devices and are increasingly frequent targets for recruitment into a botnet. The publication of code to exploit a vulnerability in Huawei HG532 routers adds to the inventory of potential DDoS attack nodes, a concerning trend in the cyber security space. This vulnerability simply adds fuel to the fire of botnet recruitment activity that could be poised to take aim at any victim, at any time.

It seems the exploit method would allow injection of commands within a “firmware update” command, and could result in malicious code being installed on the router without later detection. The vulnerability still requires authenticated access, so the router must still be “hacked” first by gaining access. The old problem of “default passwords” is most likely the problem in this scenario. Therefore, that makes this new vulnerability not so different to Mirai, which brute forced those logins when left at defaults.

In terms of force, the CPUs in the routers are larger than the exploited cameras used in Mirai, but are not going to be vastly stronger. However, it doesn’t make much difference. It doesn’t take a lot of CPU to launch these types of attacks.”

Julian advises, “Organizations that depend on the Internet to conduct business, and value the availability and security of their customers, need to take proactive mitigation measures against DDoS attacks. Relying on device manufacturers to increase their security standards, or home users to take action on patching and resetting default password credentials, is a losing strategy for DDoS defense.”