Criminals have secretly hijacked more than 14,000 devices worldwide to carry out attacks that are almost impossible to protect against, security researchers have warned. Many devices infected by the sophisticated new malware, called ‘KadNap’, are Asus routers, which are being used to route malicious traffic to carry out large-scale cyberattacks. Details of the KadNap botnet were shared by the cybersecurity firm Lumen in a new report, which revealed that it is using a decentralized peer-to-peer system to avoid network detection.[1]
A botnet is created by compromising the security of internet-connected devices, which can range from routers to smart fridges. These devices are then covertly hijacked and linked together to carry out distributed denial-of-service (DDoS) attacks, which overwhelm websites and online services with traffic to knock them offline. “As modern society increasingly relies on internet-exposed Internet of Things (IoT) devices, the opportunities for malicious actors to exploit vulnerabilities continue to abound,” Lumen’s report stated. “Threat actors are building large-scale botnets specifically designed to hijack devices in this growing pool of targets, using them to route traffic and evade detection by network security systems.”
The majority of KadNap victims are located in the US, though security researchers have identified infected devices in the UK, Australia, Brazil, Russia, and across Europe. For the average owner of an Asus router infected with KadNap, the malware would be undetectable, apart from the internet connection feeling slightly sluggish at times. Its decentralized design means there is no central server that could be easily shut down by law enforcement, making the KadNap botnet incredibly resilient to attempts to dismantle it.
“Their intention is clear: avoid detection and make it difficult for defenders to protect against,” Lumen’s report concludes. “KadNap’s bots are sold through Doppelganger, a service whose users leverage these hijacked devices for a range of malicious purposes, including brute-force attacks and highly targeted exploitation campaigns. As a result, every IP address associated with this botnet represents a significant, persistent risk to organizations and individuals alike.”
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise (IoC) and cyber threat intelligence (CTI) information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com.
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.msn.com/en-gb/news/uknews/criminals-hijack-devices-to-create-never-before-seen-cyber-weapon/ar-AA1YuV3z/