Vigilantes – Hajime
The Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. Hajime, like Mirai before it, takes advantage of factory-set (default) username and password combinations to brute-force its way into unsecured devices with open Telnet ports. Analysis from Rapidity Networks is found here.
- Mirai and Hajime Locked Into IoT Botnet Battle. threatpost
- Hajime, the mysterious evolving botnet. SecureList
- Hajime Botnet is Now 300,000-Strong. infosecurity-magazine
- Hajime Botnet Reaches 300,000 Hosts With No Malicious Functions. darknet
- A vigilante is putting a huge amount of work into infecting IoT devices. arstechnica
[Comment] We need to ask ourselves: (1) why do we make it so easy for compromises to happen by not bothering to change default usernames and passwords, and (2) Telnet and hard-coded passwords! Are you serious? Let’s demand more basic security from these IoT products.
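The credential-guessing pattern described above leaves a recognisable trace in a device's own login log: a burst of failed Telnet logins from one source, followed by a success. The script below, an added example and not part of the original digest or of any Hajime analysis, runs a sliding-window detector over constructed syslog-style telnetd lines. The log format, hostname, addresses, window of 60 seconds and threshold of 5 failures are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log in an assumed syslog-like telnetd format; the field
# names and wording are illustrative, not those of any particular device.
SAMPLE_LOG = """\
Apr 20 10:00:01 camera01 telnetd[812]: login failed for 'admin' from 203.0.113.7
Apr 20 10:00:02 camera01 telnetd[812]: login failed for 'root' from 203.0.113.7
Apr 20 10:00:03 camera01 telnetd[812]: login failed for 'admin' from 203.0.113.7
Apr 20 10:00:04 camera01 telnetd[812]: login failed for 'support' from 203.0.113.7
Apr 20 10:00:05 camera01 telnetd[812]: login failed for 'user' from 203.0.113.7
Apr 20 10:00:06 camera01 telnetd[812]: login succeeded for 'root' from 203.0.113.7
Apr 20 10:05:00 camera01 telnetd[812]: login failed for 'admin' from 198.51.100.20
Apr 20 10:30:00 camera01 telnetd[812]: login failed for 'admin' from 198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)


def parse_line(line, year=2017):
    """Parse one telnetd line; syslog omits the year, so it is supplied."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def _prune(window, now, window_seconds):
    """Drop failure timestamps that have fallen out of the sliding window."""
    while window and (now - window[0]).total_seconds() > window_seconds:
        window.popleft()


def detect(lines, window_seconds=60, threshold=5):
    """Return alerts as (kind, source_ip, failures_in_window) tuples.

    'brute_force': a source reached `threshold` failed logins within
    `window_seconds` (reported once per source).
    'success_after_failures': a login succeeded from a source that still has
    failures in the window, the trace left by credential guessing that worked.
    """
    failures = defaultdict(deque)   # source ip -> recent failure timestamps
    flagged = set()                 # sources already reported as brute force
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue  # unrelated or unparseable line
        window = failures[ev["src"]]
        _prune(window, ev["ts"], window_seconds)
        if ev["result"] == "failed":
            window.append(ev["ts"])
            if len(window) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append(("brute_force", ev["src"], len(window)))
        elif window:
            alerts.append(("success_after_failures", ev["src"], len(window)))
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for kind, src, count in run_sample():
        print(f"{kind}: {src} ({count} recent failures)")
```

On the sample, the first source trips the threshold on its fifth failure and then produces a success-after-failures alert; the second source's two failures are 25 minutes apart, so the window never fills. The second alert kind is the more useful one for a fleet of devices still shipping with default credentials, because it marks a login that probably should not have worked.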
Disclosure fall-out – ShadowBrokers
- Script kiddie bonanza – exploit code is released and scans show tens of thousands of Windows servers infected with the DoublePulsar kernel exploit.
- SWIFT – exploiting global financial messaging, how many service bureaus were compromised?
- Microsoft anticipatory patches – how did Microsoft patch so quickly, before the disclosure no less? Did the NSA tip Microsoft off on the extent and particulars of the disclosure?
- EOL – thousands of vulnerable systems, with no patch available from Microsoft, are now being actively exploited.
- Leaked NSA Hacking Tools Being Used to Hack Thousands of Vulnerable Windows PCs. thehackernews
- NSA’S DOUBLEPULSAR Kernel Exploit in use Internet-wide. threatpost
- Tens of thousands Windows systems implanted with NSA’s DoublePulsar. helpnetsecurity
- NSA-leaking Shadow Brokers just dumped its most damaging release yet. arstechnica
- Protecting customers and evaluating risk. Microsoft Technet
- Microsoft Says It Has Patched Leaked NSA Hacks. Fortune
[Comment] The unintended fallout of this is that a few of these exploits target systems that are EOL, so no patches are available. You would think that doesn’t matter – who would still have EOL systems facing the Internet?
Upgrades – Fileless malware
So why is fileless malware so dangerous, and why will it continue to expand for the foreseeable future? In simple terms: it works. Although there are some good malware detection systems capable of detecting and controlling fileless malware, most are not.
- Hard Target: Fileless Malware. threatpost
- Why Fileless Malware will Continue Its Rapid Expansion. lastline
- Will Fileless Malware Push the antivirus Industry into Oblivion? helpnetsecurity