- RondoDox botnet exploits 56 vulnerabilities across 30+ internet-connected device types
- Its “exploit shotgun” approach is noisy, attracting defenders but compromising diverse hardware
- Patching devices, updating firmware, and isolating networks help prevent botnet infiltration
Security researchers are warning about RondoDox, a noisy new botnet targeting dozens of vulnerabilities in more than 30 devices.
Usually, cybercriminals would focus on one vulnerability in a specific endpoint – either a zero-day flaw, or an old, unpatched vulnerability, and try to build their botnet around that. RondoDox, however, is completely different. It currently targets 56 vulnerabilities in all sorts of hardware, with new targets being constantly added.
Security researchers from Trend Micro call this strategy “exploit shotgun”. It works well, but it’s also loud and noisy and draws the attention of defenders rather quickly.
Other services intact
A botnet is a network of bots – compromised endpoints such as routers, DVRs, CCTV systems and web cameras, smart home devices, and other internet-connected hardware.
They are used for all sorts of criminal activity, from launching Distributed Denial of Service (DDoS) attacks, to renting residential proxy services to other hackers.
RondoDox is a herald of things to come, CyberInsider argues. Cybercriminals are moving into “automated, modular exploitation of aging infrastructure at scale,” the publication claims.
The list of vulnerable devices is quite extensive, and includes heavy-hitters such as QNAP, D-Link, Netgear, TP-Link, and Linksys.
The vulnerability list includes all sorts of flaws, from those found during Pwn2Own competitions, to some that are years old and found in devices that are past their end-of-life (EoL) status.
Luckily, defending against these flaws is easy, since most of them have a patch already available. Therefore, installing the patch is the way to go. Also, keeping the firmware updated at all times, and making sure no unsupported devices are running, is a good rule of thumb not to get assimilated into a malicious botnet.
Since some of the flaws don’t have an assigned CVE and could be a zero-day, there are other measures companies should take. That includes segmenting the network, isolating critical data from internet-facing hardware and guest connections, and making sure the passwords and other login credentials are unique, strong, and frequently updated.
At press time, the campaign is still active.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
