It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them.
Worse: a new malware strain called Amnesia is targeting TVT devices, recruiting them into a botnet alongside other devices with remote code execution bugs, estimates of whose number ranges up to 705,000 targets.
Last year, an IoT worm called Mirai hijacked PVRs, CCTVs and other devices and directed floods of traffic that were so voluminous they took down Level 3 (a tier one backbone provider).
Now, according to a report published yesterday by cyber-security firm Palo Alto Networks, TVT devices are yet again targeted by another IoT malware that's building a huge botnet for launching DDoS attacks.
Nicknamed Amnesia, this new malware strain is based on an older version of the Tsunami IoT/Linux DDoS botnet malware. This new Tsunami alteration is particularly advanced because this appears to be the first version of IoT malware that includes sandbox detection features, usually found in Android and Windows malware.
This self-protection feature allows the malware to detect when security experts or security products execute the malware inside a virtual machine. According to researchers, the malware's response is something that's not been seen before, with Amnesia deleting the entire VM filesystem, most likely out of revenge after being uncovered, and desperately attempting to hide its tracks.
New IoT/Linux Malware Targets DVRs, Forms Botnet
[Claud Xiao, Cong Zheng and Yanhui Jia/Palo Alto Networks]
Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later
[Catalin Cimpanu/Bleeping Computer]
It's been less than a year since a public-spirited hacker broke into the servers of Florida stalkerware vendor Retina-X, wiping out all the photos and data the company's customers had stolen from other peoples' phones (including their kids' phones) by installing the spying apps Phonesheriff on them.
A pair of researchers from Toronto's storied Citizen Lab (previously) have written an eye-opening editorial and call to action on the ways that repressive states have used the internet to attack dissidents, human rights advocates and political oppositions -- and how the information security community and tech companies have left these people vulnerable.
Radiflow reports that they discovered cryptojacking software -- malware that mines cryptocurrency -- running in the monitoring and control network of an unnamed European water utility, the first such discovery, and a point of serious concern about the security and integrity of critical infrastructure to both targeted and untargeted attacks.
Trains may not be the most popular means of conveyance nowadays, but chances are you grew up playing with toy trains or building a model set to wrap around the Christmas tree. In either case, it’s safe to say that locomotives have long carried a unique sense of awe and scale, especially when they’re hundreds […]
When it comes to redesigning or renovating a living space, envisioning changes before they occur can be tricky for most. Thankfully, the web is home to tools that can remove some of the guesswork, like Live Home 3D Pro for Mac. This app lets you create detailed and furnished floor plans for everything from sheds and […]
For many startups and fledgling businesses, web hosting — and the fees associated with it — can take a sizeable chunk out of the company budget and limit growth down the road. But, that’s not to say there aren’t hosts out there who can get your site online while staying within your budget. Arch Hosting is a […]