Hard News Hard Hitting News Source Global Political News

Mozi malware modified to present a more potent threat to industrial control systems

Attackers have developed the Mozi botnet so that the malware can achieve persistence on routers and network gateways.

Mozi is a peer-to-peer botnet, active for two years (since 2019), that spreads to IoT devices by exploiting known vulnerabilities and weak (default) Telnet passwords.

Infected devices have typically been used as a platform to launch denial of service attacks or send spam.

The malware spreads across devices including digital video recorders and networking equipment.

Security researchers at Microsoft warn that recent changes have allowed the malware to achieve persistent infection on networking gateways made by Netgear, Huawei, and ZTE.

Tailored or bespoke techniques are used in each case to achieve persistence, so that infections survive device reboots. These developments make the malware a more potent threat, particularly to industrial control systems.

Microsoft security threat researchers warn: “Adversaries can search the internet for vulnerable devices via scanning tools like Shodan, infect them, perform reconnaissance, and then move laterally to compromise higher value targets – including information systems and critical industrial control system (ICS) devices in the operational technology (OT) networks.”

Infecting routers offers attackers a foothold on enterprise or OT networks that can be used to penetrate more deeply into targeted networks. The approach can be used to plant ransomware or even sabotage component systems in industrial plants.

“By infecting routers, they can perform man[ipulator]-in-the-middle (MitM) attacks via HTTP hijacking and DNS spoofing to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities,” the Microsoft researchers warn in a recent blog post on proactive defences.

The post goes on to offer additional detail on an infection chain associated with the malware, as well as proactive defence guidance on how enterprises can harden systems against attack.

Defences involve measures such as following password security best practices and ensuring devices are patched and up-to-date.

Source: https://portswigger.net/daily-swig/mozi-malware-modified-to-present-a-more-potent-threat-to-industrial-control-systems
