Wednesday, August 28, 2024

Unpatchable 0-day in surveillance cam is being exploited to install Mirai


The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

Enlarge (credit: Getty Images)

Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mirai, a family of malware that wrangles infected Internet of Things devices into large networks for use in attacks that take down websites and other Internet-connected devices.

The attacks target the AVM1203, a surveillance device from Taiwan-based manufacturer AVTECH, network security provider Akamai said Wednesday. Unknown attackers have been exploiting a 5-year-old vulnerability since March. The zero-day vulnerability, tracked as CVE-2024-7029, is easy to exploit and allows attackers to execute malicious code. The AVM1203 is no longer sold or supported, so no update is available to fix the critical zero-day.

That time a ragtag army shook the Internet

Akamai said that the attackers are exploiting the vulnerability so they can install a variant of Mirai, which arrived in September 2016 when a botnet of infected devices took down cybersecurity news site Krebs on Security. Mirai contained functionality that allowed a ragtag army of compromised webcams, routers, and other types of IoT devices to wage distributed denial-of-service attacks of record-setting sizes. In the weeks that followed, the Mirai botnet delivered similar attacks on Internet service providers and other targets. One such attack, against dynamic domain name provider Dyn paralyzed vast swaths of the Internet.

Read 6 remaining paragraphs | Comments

Reference : https://ift.tt/2MUmgHK

No comments:

Post a Comment

The Top 10 Energy Stories of 2024

IEEE Spectrum’ s most-read energy stories of 2024 centered on creative ways to produce, store and connect more carbon-free energy. Our re...