Connect with us

Business

EwDoor Botnet Emerges to Target AT&T Customers

Published

on

Botnets are on a roll. Since the beginning of this year, several new botnets have emerged en masse to target IoT devices across the globe. And, the list just got big with the addition of a new variant of the EwDoor botnet.

EwDoor actively targets U.S. customers

  • Discovered by Netlab researchers, the new version of EwDoor is an update to version 0.16.0 of the botnet that had first surfaced on November 15.
  • The researchers have been tracking the botnet since late October, during which the malware went through at least three versions.
  • However, the new version includes exploits for the n-day vulnerability affecting EdgeMarc Enterprise Session Border Controller devices from AT&T.
  • Among its other features, the botnet is capable of launching DDoS attacks, pilfering sensitive data, executing arbitrary commands, updating itself, and launching reverse shells on compromised servers.
  • According to Netlab’s telemetry, the botnet has so far affected all 5,700 AT&T users located in the U.S.

Evasion technique also improved

  • The botnet uses TLS encryption to block network traffic interception attempts and encrypts resources to evade detection.
  • The C2 has been moved from local to the cloud and sent by BT tracker to prevent direct extraction by the IoC system.
  • The malware authors have also added a high kernel version of the Linux sandbox to bypass detection.

More details about the vulnerability

  • The vulnerability in question is a blind command injection flaw (CVE-2017-6079), which is being widely exploited by hackers to hack into unpatched EdgeMarc servers.
  • Internet-wide scan suggests that there are more than 100,000 devices with SSL certificates mounted on EdgeMarc VoIP servers, but it’s unclear how many of these devices are vulnerable to the flaw.

The takeaway for users

AT&T has begun an investigation into the matter and at the same time, taken necessary actions to mitigate threats from the botnet. Furthermore, it confirmed that there is no evidence that customer data was accessed in the attacks.

Source: https://cyware.com/news/ewdoor-botnet-emerges-to-target-att-customers-d235161f

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO