fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Moobot Botnet Spreading via Hikvision Camera Vulnerability

Moobot Botnet Spreading via Hikvision Camera Vulnerability

A Mirai-based botnet called ‘Moobot’ is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products.

Hikvision is a state-owned Chinese manufacturer of surveillance cameras and equipment that the US government sanctioned due to human rights abuse.

This vulnerability is tracked as CVE-2021-36260 and can be exploited remotely by sending specially crafted messages containing malicious commands.

Hikvision fixed the flaw back in September 2021 with a firmware update (v 210628), but not all users rushed to apply the security update.

Fortinet reports that Moobot is leveraging this flaw to compromise unpatched devices and extract sensitive data from victims.

Also Read: A Look at the Risk Assessment Form Singapore Government Requires

The infection process

The exploitation of the flaw is fairly simple, given that it doesn’t require authentication and can be triggered by sending a message to a publicly exposed vulnerable device.

Request exploiting the flaw
Request exploiting the flaw
Source: Fortinet

Among the various payloads that leverage CVE-2021-36260, Fortinet found a downloader masked as “macHelper,” which fetches and executes Moobot with the “hikivision” parameter.

The malware also modifies basic commands like “reboot” so that they do not function properly and will prevent the administrator from rebooting the compromised device.

A new spin of Mirai

Fortinet’s analysts have spotted common points between Moobot and Mirai, such as the data string used in the random alphanumeric string generator function.

Moreover, Moobot features some elements from Satori, a different Mirai variant whose author was arrested and sentenced in the summer of 2020.

Also Read: CCTV Law Singapore Edition: Know Your Rights and Responsibilities

Similarities with Satori include:

  • Using a separate downloader.
  • The forking of the “/usr/sbin*” process.
  • Overwriting the legitimate “macHelper” file with the Moobot executable.

It is essential to underline that this is not the first time Moobot was spotted in the wild, as researchers at Unit 42 first discovered it in February 2021.

However, the fact that the botnet is still adding new CVEs indicates that it is being actively developed and enriched with new targeting potential.

Enlisting you into a DDoS army

The goal of Moobot is to incorporate the compromised device into a DDoS swarm. 

The C2 sends an SYN flood command along with the target IP address and port number to attack.

The attack flow of Moobot
The attack flow of Moobot
Source: Fortinet

Other commands that the C2 server may send include 0x06 for UDP flood, 0x04 for ACK flood, and 0x05 for ACK+PUSH flood.

By looking into the captured packet data, Fortinet could track down a Telegram channel that started offering DDoS services last August.

Having your device enlisted in DDoS swarms results in increased energy consumption, accelerated wear, and causes the device to become unresponsive.

The best way to protect your IoT devices from botnets is to apply available security updates as soon as possible, isolate them in a dedicated network, and replace the default credentials with strong passwords.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us