New DDoS Campaign Exploits IoT Devices and Server Misconfigurations

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

A widespread distributed denial-of-service (DDoS) campaign leveraging accessible tools and targeting IoT devices and enterprise servers has been uncovered by security researchers.

Orchestrated by a threat actor known as Matrix, the operation highlights how minimal technical knowledge combined with public scripts can enable global scale cyber-attacks.

Matrix’s attack framework, analyzed in detail by Aqua Nautilus, focuses on exploiting vulnerabilities and misconfigurations across internet-connected devices.

The campaign employs brute-force attacks, weak credentials and known exploits to build a botnet capable of significant disruption. This reflects a growing trend where ‘script kiddies’ leverage publicly available tools to execute sophisticated attacks.

Key Characteristics of the Attack

Matrix’s operation is a comprehensive “do-it-yourself” approach, scanning, exploiting and deploying malware on:

  • Routers: Exploits include vulnerabilities such as CVE-2017-18368 andCVE-2021-20090

  • DVRs and IP cameras: Using flaws in devices with the Hi3520 platform for unauthorized access

  • Enterprise protocols: Targeting Apache Hadoop’s YARN, HugeGraph servers and SSH misconfigurations

  • IoT devices: Exploits on lightweight Linux distributions like uClinux in telecom equipment

The attacks heavily rely on default or weak passwords, with 80% of identified credentials tied to root or admin users. These tactics emphasize how failure to adopt basic security measures – such as changing factory-default credentials – exposes devices to compromise.

Target Scope and Implications

Matrix’s targets span cloud service providers (CSPs), smaller enterprises and IoT-heavy regions like China and Japan. Analysis revealed up to 35 million potential devices could be affected, suggesting a botnet of 350,000 to 1.7 million devices, depending on vulnerability rates.

The campaign underscores a shift toward exploiting corporate vulnerabilities alongside IoT systems. Historically,cryptomining dominated such attacks, but Matrix’s focus includes both production and development servers, amplifying the risk for enterprise environments.

Read more on mitigating DDoS threats: UK Council Sites Recover Following Russian DDoS Blitz

Tools and Infrastructure

Matrix utilizes a mix of Python, Shell and Golang-based scripts sourced from GitHub and other platforms. Tools likeMirai variants, SSH scanners and Discord bots highlight the integration of pre-existing frameworks into customized campaigns. The threat actor also monetizes services via Telegram, offering DDoS plans for cryptocurrency payments.

While Matrix appears to lack advanced capabilities, the ease of assembling and operating these tools exemplifies the growing risk posed by low-sophistication actors armed with accessible resources.

Addressing these threats requires robust security measures, including regular updates, strong credentials and monitoring for exposed vulnerabilities.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Russian Cyber Spies Target Organizations with HatVibe and CherrySpy Malware
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks
North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *