P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices

The operator behind the growing P2PInfect botnet is turning their focus to Internet of Things and routers running the MIPS chip architecture, expanding their list of targets and offering more evidence that the malware is an experienced threat actor.
P2PInfect, a self-replicating worm written in the Rust programming language, was first detected this summer targeting primarily unpatched Redis instances through the critical Lua sandbox escape vulnerability and an unauthorized replication attack that loads a malicious Redis module.
The latest variant targets embedded devices that are based on the 32-bit MIPS processors and tries to brute-force SSH access into the systems, according to Matt Muir, threat intelligence researcher with Cado Security Labs.
MIPS processors are commonly used in embedded devices and have been targeted in the past by botnet malware developers, such as Mirai and its myriad variants, Muir wrote in a blog post.
In their initial report about P2PInfect, researchers with Palo Alto Networks' Unit42 cyber unit noted that the botnet was targeting of Redis instances, which can run on both Windows and Linux.
P2PInfect's expansion of targets into IoT and similar devices dovetails with a larger trend.
A report by Check Point threat researchers found that in the first two months of this year, there was a 41% year-over-year increase in the average number of weekly attacks per organization on IoT devices, and that on average, 54% of organizations see an attempted attack on IoT devices.
The botnet is a peer-to-peer self-replicating worm designed to spread widely, as seen in its use of Rust, according to Unit42 researchers.
Muir wrote in an earlier report in September that there was a jump in P2PInfect incidents in August and 600-fold increase in P2PInfect traffic the following month.
These variants indicated that the designers behind P2PInfect were accelerating their development of the malware.
Most of the compromises then were seen in the United States, Germany, the UK, and countries in Asia, including China, Hong Kong, Japan, and Singapore.
Muir wrote that Cado researchers detected the MIPS variant of P2PInfect after sorting through files uploaded to a SSH honeypot.
SSH is a network protocol that allows users to securely access a computer over an unsecured network.
P2PInfect variants had been seen scanning for SSH servers and spread the malware through SSH, Cado researchers hadn't yet seen a P2PInfectx sample successfully use the method.
That said, Muir wrote that it's not clear whether running Redis on an embedded MIPS device is commonly seen in the wild or how such a combination is used.
Included in the MIPS variant were new evasion techniques, including enabling the malware to detect if it's being analyzed and, if so, terminating itself.
The botnet may try to disable Linux core dumps, which is a file created automatically by the Linux kernel after a program crashes.
The file includes the memory, register values, and call stack of an application at the point the system crashed.
Preventing the core dump could also ensure that the MIPS devices remains available, he wrote.
Such low-powered embedded devices won't have a lot of local storage available and core dumps could quickly eat up with little storage they have, which could hurt the performance of the device itself.


This Cyber News was published on securityboulevard.com. Publication date: Mon, 04 Dec 2023 16:43:39 +0000


Cyber News related to P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices

P2PInfect Botnet Is Now Targeting MIPS-Based IoT Devices - The operator behind the growing P2PInfect botnet is turning their focus to Internet of Things and routers running the MIPS chip architecture, expanding their list of targets and offering more evidence that the malware is an experienced threat actor. ...
10 months ago Securityboulevard.com
MIPS chips targeted by new P2Pinfect malware in Redis server and IoT-based attacks - A new variant of P2Pinfect has been observed targeting embedded IoT devices based on 32-bit MIPS processors, malware that aims to bruteforce Secure Shell access to these devices. Written in Rust, the P2Pinfect malware acts as a botnet agent, ...
10 months ago Packetstormsecurity.com
Stealthier version of P2Pinfect malware targets MIPS devices - The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS processors, such as routers and IoT devices. Due to their efficiency and compact design, MIPS chips are prevalent in embedded systems like routers, ...
10 months ago Bleepingcomputer.com
Rust-Based Botnet P2Pinfect Targets MIPS Architecture - The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication. Since its emergence in July 2023, this Rust-based malware has been on the radar for its rapid expansion, according to a new advisory published ...
10 months ago Infosecurity-magazine.com
IoT Security: Safeguarding Business IoT Devices - The security of IoT devices is of utmost importance as businesses increasingly rely on them to streamline operations and enhance productivity. In this discussion, we will explore the importance of IoT security in safeguarding business IoT devices and ...
7 months ago Securityzap.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
8 months ago Securityzap.com
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
9 months ago Feeds.dzone.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
9 months ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
7 months ago Securityboulevard.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
9 months ago Securityzap.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
10 months ago Bleepingcomputer.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
4 months ago Packetstormsecurity.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
4 months ago Tripwire.com
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
8 months ago Darkreading.com
RUBYCARP hackers linked to 10-year-old cryptomining botnet - A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain. According to a new report by Sysdig, RUBYCARP currently operates a ...
5 months ago Bleepingcomputer.com
How To Improve Security Capacities of The Internet of Things? - The security of the Internet of Things is one of the main challenges of today. Many IoT assets could get an easy target to cyber attacks and it's highly recommended to somehow cope with these requirements. The best practice is something that would ...
8 months ago Cyberdefensemagazine.com
Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID - PRESS RELEASE. EAST BRUNSWICK, N.J., Feb. 14, 2024 /PRNewswire/ - Somos, Inc., an industry expert in identity management, fraudprevention and data services who is recognized as a leading provider of solutions that foster trust in voice and messaging, ...
7 months ago Darkreading.com
Volt Typhoon-Linked SOHO Botnet Infects Multiple US Gov't Entities - Researchers have discovered an Internet of Things botnet linked with attacks against multiple US government and communications organizations. It comes built with a series of stealth mechanisms and the ability to spread further into local area ...
9 months ago Darkreading.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
Russian admits building now-dismantled IPStorm proxy botnet The Register - The FBI says it has dismantled another botnet after collaring its operator, who admitted hijacking tens of thousands of machines around the world to create his network of obedient nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in ...
10 months ago Theregister.com
The key to connected care excellence - Antoinette Hodes is a Global Solutions Architect, specializing in IoT, and serves as an Evangelist with the Check Point Office of the CTO. She has worked as an engineer in IT for over 25 years and is an experienced security solutions architect in the ...
9 months ago Blog.checkpoint.com
Feds go Fancy Bear hunting, take down Russia's GRU botnet The Register - The US government today said it disrupted a botnet that Russia's GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets. Moobot ...
7 months ago Go.theregister.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
7 months ago Bleepingcomputer.com
US Gov Disrupts SOHO Router Botnet Used by Chinese APT Volt Typhoon - The US government on Wednesday announced a major takedown of a botnet full of end-of-life Cisco and Netgear routers after researchers warned it was being used by Chinese state-backed hackers as a covert communications channel. The disruption comes ...
8 months ago Securityweek.com
Insights from Billington Cybersecurity Summit 2023: The Enhanced Threat Surface of 5G/6G & IOT - From September 5th to September 8th of 2023, Billington Cybersecurity hosted its 14th annual Cybersecurity Summit in Washington, D.C. Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S. government and ...
8 months ago Cyberdefensemagazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)