Approximately 40,000 botnets used for cybercrime are discovered through routers and IoT devices whose support has been discontinued | #cybercrime | #infosec

A research team from Black Lotus Labs, the cybersecurity division of technology company

Lumen , has reported that they have discovered approximately 40,000 botnets targeting obsolete SOHO routers and IoT devices.

The Darkside of TheMoon – Lumen

Researchers Discover 40,000-Strong EOL Router, IoT Botnet – SecurityWeek

According to Black Lotus Labs, cybercrime groups around the world have been conducting campaigns targeting SOHO routers and IoT devices around the world for several years. Black Lotus Labs warns that the botnet in question was first observed in 2014 and has since expanded to approximately 40,000 botnets as of February 2024, operating secretly on targeted devices. doing.

‘The majority of these botnets are used as the basis for a proxy service for a cybercriminal group called ‘Faceless,” Black Lotus Labs said. Our research shows that this is an increasing proportion of the population.’ Faceless is highly anonymous and has become an essential tool for cybercrime groups to avoid their activities being detected.

According to Black Lotus Labs, the cybercrime group infiltrated botnets into older devices that were no longer supported by manufacturers and registered them on Faceless’s network. Some of the Faceless logical maps identified by researchers were constructed in the first week of March 2024, and they also found that 6,000 ASUS routers were targeted within 72 hours.

Cybercriminal groups deliberately target devices that have unpatched existing security vulnerabilities and are no longer supported by their manufacturers, and Black Lotus Labs says, “These devices are not installed. They may have forgotten about it, or it may have been connected and then abandoned.’

That’s why Black Lotus Labs has set up appropriate firewalls to detect early signs of weak credentials or suspicious login attempts, and to protect data and assets from bots that carry out

password spray attacks. is asking to be blocked.

In addition, Black Lotus Labs ensures that routers are regularly rebooted to install security updates and patches, that devices do not use common default passwords, and that router management interfaces are properly secured. It warns you that you should make sure that It also recommended that if a device is no longer supported, it should be replaced as soon as possible.

Source link


Click Here For The Original Source.


National Cyber Security