Floods of WordPress attacks traced to easily hackable, ISP-supplied routers

Wordfence, a security research company, discovered that the reason Algeria is the country most often seen in attacks on WordPress blogs is that the country's largest ISP distributes home routers that are locked in an insecure state, with an open port that lets attackers seize control of them and use them to stage attacks on higher-value targets. Read the rest

The Internet of Things will host devastating, unstoppable botnets

Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design. Read the rest

A year later, no action from Chinese company whose insecure PVRs threaten all internet users

It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them. Read the rest

Seafood-related queries from own internet-connected vending machines brought college network to its knees

A university, mercifully left unnamed, blew off complaints from students about its slow network. When the problem became too bad to ignore, their IT team found the culprit thanks to a "sudden big interest in seafood-related domains."

The firewall analysis identified over 5,000 discrete systems making hundreds of DNS lookups every 15 minutes. Of these, nearly all systems were found to be living on the segment of the network dedicated to our IoT infrastructure. With a massive campus to monitor and manage, everything from light bulbs to vending machines had been connected to the network for ease of management and improved efficiencies. While these IoT systems were supposed to be isolated from the rest of the network, it was clear that they were all configured to use DNS servers in a different subnet. ... botnet spread from device to device by brute forcing default and weak passwords. Once the password was known, the malware had full control of the device and would check in with command infrastructure for updates and change the device’s password – locking us out of the 5,000 systems.

The Internet of Hacked Things strikes again! I'm sure some content filtering and updating passwords will do the trick. Read the rest

Researchers discover hundreds of thousands of unsuspected, Star Wars-themed twitterbots hiding in plain sight

Twitter is a great place for bots. Botherders like Shardcore produce amazing, politics, artistic bots that mine Twitter, inject useful information into Twitter, or just frolic on Twitter, making it a better place. Twitterbots produce entries in imaginary grimoires, conduct sociological research, produce virtual model railroads, alert the public when governments try to make bad news disappear, and much, much more. Read the rest

The Mirai worm is gnawing its way through the Internet of Things and will not stop

The Mirai worm made its way into information security lore in September, when it was identified as the source of the punishing flood of junk traffic launched against Brian Krebs in retaliation for his investigative reporting about a couple of petty Israeli criminals; subsequent analysis showed Mirai to be amateurish and clumsy, and despite this, it went on to infect devices all over the world, gaining virulence as it hybridized with other Internet of Things worms, endangering entire countries, growing by leaps and bounds, helped along by negligent engineering practices at major companies like Sony. Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries

Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish

Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet

When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries. Read the rest

Ukrainian botmaster who tried to frame Brian Krebs extradited to US

When security-researcher/hornet-nest-kicker Brian Krebs outed Sergey "Flycracker" Vovnenko as administrator of a darknet crime site and botmaster of a 13,000-PC-strong botnet used to attack sites and launder stolen data, Vovnenko allegedly masterminded a plot to frame Krebs by mailing him heroin. Read the rest

Malware authors use Gmail drafts as dead-drops to talk to bots

Once you've successfully infected your victim's computer with malware, you want to be able to send it orders -- so you spawn an invisible Internet Explorer window, login to an anonymous Gmail account, and check in the Drafts folder for secret orders. Read the rest