In a newly published report by Aqua Security, Assaf Morag said that more than 35 million devices were identified as vulnerable worldwide.
The distributed denial-of-service (DDoS) campaign was masterminded by a threat actor named Matrix.
Morag said it “demonstrates a growing trend among threat actors to target vulnerabilities and misconfigurations across internet-connected devices, particularly IoT and enterprise systems.”
This cyber antagonist has used a combination of public scripts, brute-force attacks, and exploitation of weak credentials to assemble a formidable botnet.
The Aqua Security report suggests that the Matrix threat actor is likely Russian but is not targeting Ukrainian victims, so the motivation appears to be purely financial rather than political.
What the threat intelligence does highlight, however, is the continuing evolution of the DDoS threat within an ever-changing landscape “where even script kiddies can leverage open-source tools to execute sophisticated and large-scale campaigns,” Morag said.
“In addition to IoT devices, the attackers are also targeting common protocols and applications such as telnet, SSH, Hadoop, and HugeGraph, exploiting vulnerabilities and misconfigurations to gain access to more robust server infrastructure.”
Unfortunately, many of the attacks used to acquire such initial access to connected devices involve bog-standard brute-force credential login attempts.
These were found to be using common default credentials like admin:admin or root:camera, which continue to be prevalent on unprotected devices, making them particularly vulnerable to compromise. And once any of these devices have been compromised, of course, they become very valuable assets within a much larger-scale operation than an attacker using a single hacked device could ever hope to achieve.
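As an added example, not taken from the Aqua report, here is a defender-side check for the brute-force pattern described above: it parses constructed sshd-style log lines and flags sources that hammer the default accounts the report names (admin, root), and notes when a password login succeeds right after a burst of failures. The sample log lines, the threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd-style log lines (not from the report); they mimic the
# "Failed password for <user> from <ip>" entries a credential-guessing run leaves.
SAMPLE_LOG = """\
Nov 26 10:00:01 cam01 sshd[812]: Failed password for root from 198.51.100.7 port 51022 ssh2
Nov 26 10:00:02 cam01 sshd[812]: Failed password for root from 198.51.100.7 port 51023 ssh2
Nov 26 10:00:03 cam01 sshd[813]: Failed password for invalid user admin from 198.51.100.7 port 51024 ssh2
Nov 26 10:00:04 cam01 sshd[814]: Failed password for invalid user admin from 198.51.100.7 port 51025 ssh2
Nov 26 10:00:05 cam01 sshd[815]: Accepted password for root from 198.51.100.7 port 51026 ssh2
Nov 26 10:05:00 cam01 sshd[900]: Failed password for alice from 203.0.113.9 port 40000 ssh2
Nov 26 10:06:00 cam01 sshd[901]: Accepted publickey for alice from 203.0.113.9 port 40001 ssh2
"""
# Account names from the default credential pairs the report mentions (admin:admin, root:camera).
DEFAULT_ACCOUNTS = {"admin", "root"}

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def analyse(log_text, threshold=3):
    """Per-source findings: failure bursts, default accounts tried, and any
    password login accepted after the source already exceeded the threshold."""
    failures = defaultdict(int)
    default_hits = defaultdict(set)
    success_after = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated sshd line, or a format we do not parse
        ip, user = m.group("ip"), m.group("user")
        if m.group("result") == "Failed":
            failures[ip] += 1
            if user in DEFAULT_ACCOUNTS:
                default_hits[ip].add(user)
        elif m.group("method") == "password" and failures[ip] >= threshold:
            success_after.add(ip)  # likely a guessed default credential
    flagged = {ip for ip, n in failures.items() if n >= threshold}
    return {
        "brute_force_sources": sorted(flagged),
        "default_accounts_tried": {ip: sorted(u) for ip, u in default_hits.items()},
        "likely_guessed_logins": sorted(success_after),
    }

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Key-based logins and isolated failures (the 203.0.113.9 source) are left alone; only the burst against default accounts is reported.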