
CEO Perspective On Muhstik IoT Botnet Infecting Cloud Servers & Mining Crypto

by Security Experts

Researchers with Lacework have published new findings on Muhstik, the long-active botnet that currently uses several web application exploits, including ones targeting Oracle WebLogic and Drupal, to spread and mine cryptocurrency. The botnet is monetized via XMRig, cgminer and DDoS attack services.

Lacework researchers note: “Muhstik leverages IRC for its command and control and has consistently used the same infrastructure since its inception. The primary method of propagation for IoT devices is via home routers, however there are multiple attempted exploits for Linux server propagation. Targeted routers include GPON home router, DD-WRT router, and the Tomato router… (its activities are) tied to cryptomining and Linux backdoors.”

Expert Comments

Saryu Nayyar
November 12, 2020
CEO
Gurucul
Lacework's analysis of the Muhstik botnet is interesting on several levels, especially in its command and control infrastructure. Internet Relay Chat (IRC) has been largely forgotten in this day of myriad web and application based chat options, but was once the method of choice for botnet control. The Muhstik authors have gone old school here, while targeting IoT devices, cloud servers, and home routers. The fact that this botnet has remained in operation for over two years shows how hard it can be to effectively contain and eradicate these threats. Fortunately, it is relatively easy to identify and disrupt this botnet's C2 traffic. Simple firewall rules can stop traffic to identified C2 nodes, while security analytics can easily detect the behaviors associated with an infected host or the botnet's spread.
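The comment above makes two defensive points about an IRC-based botnet: traffic to known C2 nodes can be blocked with simple firewall rules, and the behaviour of an infected host (a bot hunting for a live IRC server) can be picked out by analytics. The following Python script is an added example illustrating both and is not part of the article, the expert's comment, or Lacework's research. The connection-log format, the internal hosts, and the "known C2" addresses (drawn from the reserved TEST-NET ranges) are all constructed for the example; real indicators must come from a vetted threat-intelligence source.

```python
"""Flag IRC-style C2 activity in a connection log and derive egress block
rules for identified C2 nodes.

Added example; log format, hosts and C2 addresses are constructed.
"""
from collections import defaultdict

# Ports IRC servers commonly listen on; botnets tend to use the plain-text ones.
IRC_PORTS = {6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 6697, 7000}

# Placeholder C2 list (TEST-NET-1 addresses, constructed for this example).
KNOWN_C2 = {"192.0.2.10", "192.0.2.11"}

# Constructed connection log: "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
2020-11-12T10:00:01Z 10.0.0.5 192.0.2.10 6667 tcp
2020-11-12T10:00:02Z 10.0.0.5 203.0.113.7 443 tcp
2020-11-12T10:00:03Z 10.0.0.9 198.51.100.20 6667 tcp
2020-11-12T10:00:04Z 10.0.0.9 192.0.2.11 7000 tcp
2020-11-12T10:00:05Z 10.0.0.12 203.0.113.8 80 tcp
2020-11-12T10:00:06Z 10.0.0.12 198.51.100.21 6697 tcp
2020-11-12T10:00:07Z 10.0.0.12 198.51.100.22 6667 tcp
"""


def parse_log(text):
    """Parse log lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, proto = parts
        try:
            port = int(port)
        except ValueError:
            continue
        records.append({"ts": ts, "src": src, "dst": dst, "port": port, "proto": proto})
    return records


def find_suspects(records, known_c2=KNOWN_C2, irc_ports=IRC_PORTS, min_peers=2):
    """Return two kinds of findings:
    - 'known_c2': a connection to a destination on the block list;
    - 'irc_fanout': a source host that contacts at least min_peers distinct
      IRC-port destinations, the pattern of a bot looking for a live C2 server.
    """
    findings = []
    irc_peers = defaultdict(set)
    for r in records:
        if r["dst"] in known_c2:
            findings.append({"type": "known_c2", "src": r["src"],
                             "dst": r["dst"], "port": r["port"]})
        if r["port"] in irc_ports:
            irc_peers[r["src"]].add(r["dst"])
    for src, peers in sorted(irc_peers.items()):
        if len(peers) >= min_peers:
            findings.append({"type": "irc_fanout", "src": src, "peers": sorted(peers)})
    return findings


def block_rules(findings):
    """Derive iptables egress DROP rules for every known C2 node seen in findings."""
    nodes = sorted({f["dst"] for f in findings if f["type"] == "known_c2"})
    return [f"iptables -A OUTPUT -d {ip} -j DROP" for ip in nodes]


if __name__ == "__main__":
    found = find_suspects(parse_log(SAMPLE_LOG))
    for f in found:
        print(f)
    for rule in block_rules(found):
        print(rule)
```

The block-list check is the "simple firewall rule" half; the fan-out check is the analytics half, and it fires on hosts that never touch a listed address (10.0.0.12 here), which is what makes it useful against a botnet that keeps its server list ahead of public indicators. The threshold `min_peers` is an assumption to tune against the baseline of the network being monitored.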

