Light Dark
April 22, 2020 By David Bisson 2 min read

Security researchers observed Moobot and other botnets attempting to exploit a zero-day vulnerability in order to compromise fiber routers.

The Network Security Research Lab at 360 detected Moobot abusing the zero-day vulnerability beginning in late February 2020. The exploit involved two steps at the time of analysis. For it to work, digital attackers needed to leverage another vulnerability along with the zero-day flaw.

Not all threat actors who attempted to exploit the zero-day weakness realized the need for another security flaw. This fact became evident in mid-March when the Gafgyt malware tried using a Netlink GPON router remote command execution vulnerability PoC released by Exploit Database, which matched the vulnerability abused by Moobot a month earlier. Gafgyt conducted an internet-wide scan using the exploit, but because it did not leverage another vulnerability, the scan mostly failed.

The same thing happened when digital attackers attempted to spread the Fbot botnet using the flaw. Without the incorporation of another vulnerability, many of the exploit attempts failed.

A Look Back at Moobot’s Recent Activity

Security professionals with the Network Security Research Lab at 360 first came across Moobot back in September 2019. At that time, the team observed the malware using Mirai’s scanning technique to scour the internet for vulnerable devices. It was just a few months later when Network 360 reached out to the equipment manufacturer LILIN after observing multiple attack groups exploiting zero-day vulnerabilities in its DVRs to spread Moobot and other botnets.

How to Defend Against Zero-Day Vulnerabilities

Infosec personnel can help defend their organizations against zero-day vulnerabilities by checking for firmware updates that affect their routers. This process will likely involve registering their devices and signing up for email alerts. Companies should also consider deploying tools that use artificial intelligence (AI) for the purpose of detecting malicious behaviors, such as attempted exploitation of flaws that have yet to be publicly disclosed.

 |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

April 24, 2024

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature