fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

New ZHtrap Botnet Malware Deploys Honeypots To Find More Targets

New ZHtrap Botnet Malware Deploys Honeypots To Find More Targets

A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect.

The malware, dubbed ZHtrap by the 360 Netlab security researchers who spotted it, is loosely based on Mirai’s source code, and it comes with support for x86, ARM, MIPS, and other CPU architectures.

Takes over infected devices

Once it takes over a device, it prevents other malware from re-infecting its bots with the help of a whitelist that only allows already running system processes, blocking all attempts to run new commands.

ZHtrap bots use a Tor command-and-control (C2) server to communicate with other botnet nodes and a Tor proxy to conceal malicious traffic.

The botnet’s main capabilities include DDoS attacks and scanning for more vulnerable devices to infect. However, it also comes with backdoor functionality allowing the operators to download and execute additional malicious payloads.

To propagate, ZHtrap uses exploits targeting four N-day security vulnerabilities in Realtek SDK Miniigd UPnP SOAP endpoints, MVPower DVR, Netgear DGN1000, and a long list of CCTV-DVR devices.

It also scans for devices with weak Telnet passwords from a list of randomly generated IP addresses and collected with the help of the honeypot it deploys on devices already ensnared in the botnet.

Also Read: The Difference Between GDPR and PDPA Under 10 Key Issues

ZHtrap architecture
Image: 360 Netlab

Bots used as honeypots

ZHtrap’s most interesting feature is how it turns infected devices into honeypots to collect IP addresses of more targets likely vulnerable to its propagation methods or already infected by other malware.

Once deployed, ZHtrap’s honeypot starts listening to a list of 23 ports, and it sends all IPs connecting to them to its scanning module as potential targets in its attacks.

“Compared to other botnets we have analyzed before, the most interesting part of ZHtrap is its ability to turn infected devices into honeypot,” 360 Netlab said.

“Honeypots are usually used by security researchers as a tool to capture attacks, such as collecting scans, exploits, and samples.

“But this time around, we found that ZHtrap uses a similar technique by integrating a scanning IP collection module, and the collected IPs are used as targets in its own scanning module.”

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

360 Netlab researchers have also recently spotted an upgraded version of the z0Miner cryptomining botnet, which now attempts to infect vulnerable Jenkins and ElasticSearch servers to mine for Monero (XMR) cryptocurrency.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us