We found an internet of things (IoT) Mirai botnet downloader exploiting CVE-2020-5902 in the wild, two weeks after getting a 10 out of 10 CVSS rating in its disclosure. Analyzing the said variant, it can also abuse nine other recently discovered security bugs in other devices.
Read More
We discovered a new Mirai variant that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which we have not observed exploited by past Mirai variants.
Read MoreWe created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.
Read More
We looked into IoT-related discussions from several cybercrime underground communities and found discussions ranging from tutorials to actual monetization schemes for IoT-related attacks. For this entry, we provide an overview of what cybercriminals see as perfect openings for attacks on IoT technologies.
Read More
We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Based on the Metasploit module it exploits, the malware targets devices with the WeMo Universal Plug and Play (UPnP) application programming interface (API).
This updated iteration of Bashlite is notable. For one, its arrival method is unique in that it doesn’t rely on specific vulnerabilities (e.g., security flaws assigned with CVEs). It instead abuses a publicly available remote-code-execution (RCE) Metasploit module. It now also sports additional DDoS-related commands, and added new ones that gave the malware cryptocurrency mining and backdoor capabilities. It can also deliver malware that removes competing botnet malware.
Read More