Updated on August 27, 2019 at 8:52 PM PST to add solution rules.
Another Mirai offshoot spotted: A variant of the Echobot botnet was found using over 50 exploits that lead to remote code execution (RCE), arbitrary command execution, and command injection in internet of things (IoT) devices.
Security researcher Carlos Brendel Alcañiz first tweeted about the different exploits the variant uses to propagate. The payloads dropped by the malware show that the operator behind the variant relies on old and known exploits, some of them dating back to 2010. Moreover, the code used is available in multiple public exploit repositories.
The malware dropper was reportedly hosted on an open server, in a file called Richard. What’s particularly noteworthy about the variant is that the exploits it uses do not target specific types of products or devices. BleepingComputer lists the wide range of devices the variant can affect, which includes network attached storage (NAS) devices, routers, security cameras, and smart home hubs. The full list of exploits used by this particular Echobot variant is available here.
[RELATED TREND MICRO RESEARCH: Mirai variant uses a combination of 13 exploits]
The number of payloads may be high, but this should not come as a surprise given that the Mirai malware’s source code was leaked in 2016. Malware authors have since come up with different variants and derivatives for campaigns that compromised many connected devices, usually through default or weak credentials.
Discovered by Palo Alto Networks researchers, Echobot was initially found using 18 exploits, followed by an Akamai report that described it incorporating 26 exploits. Trend Micro also reported on an Echobot variant that targets routers and other IoT devices with multiple exploits. The particular variant takes advantage of multiple publicly available proofs of concept (PoCs) and Metasploit modules.
[READ: Mirai variant targets routers and other IoT devices with multiple exploits]
Securing connected devices against Mirai and its offshoots
Malware authors have been putting their own spin on the infamous IoT malware since its discovery in 2016. Many botnets have since cropped up to attack devices, and this will likely continue. Based on related malicious activities in the past, hackers usually rely on attacking unpatched devices and those that use default settings and credentials. While device manufacturers play important roles in securing the devices, users and enterprises should also adopt best practices for added protection, such as:
[SECURITY 101: Protecting wireless networks against hacking and eavesdropping]
In addition to the aforementioned best practices, users can employ comprehensive protections such as the Trend Micro™ Security and Trend Micro™ Internet Security solutions, which offer effective safeguards against threats to IoT devices through features that can detect malware at the endpoint level. Connected devices can also be protected by security software such as the Trend Micro™ Home Network Security and Trend Micro Smart Home Network™ (SHN) solutions, which can check internet traffic between the router and all connected devices. The Trend Micro™ Deep Discovery™ Inspector network appliance can monitor all ports and network protocols for advanced threats and protect enterprises from targeted attacks.
Users of the Trend Micro Smart Home Network™ solution are protected from particular vulnerabilities and related attacks via these rules: