Echobot, the botnet that targets IoT devices, has infected a third of companies worldwide
Botnets are a worry again. Echobot, the new version of Mirai, targets IoT devices, while Emotet, dismantled in June, is back in business, raising concerns among security experts.
Check Point has published the Global Threat Index of August 2019, a report that takes stock of the most widespread threats in August. A major concern is botnets, in particular Echobot, an evolution of Mirai. Echobot targets IoT devices by exploiting 50 vulnerabilities, especially Command Injection Over HTTP, and is particularly aggressive: Check Point estimates that it has affected 34% of organizations globally.
Emotet, which was the most active botnet in the first few months of 2019, also raises concerns. It had ceased operations around June but resumed them after a couple of months of inactivity. The Check Point researchers did not record offensive campaigns from Emotet but assume that, in the short term, it will be used for spam campaigns.
"Echobot was first seen in mid-May and, being a new variant of the well-known IoT Mirai Botnet, it is important to note the sharp increase in usage, given that it is now exploiting over 50 different vulnerabilities," said Maya Horowitz, Check Point Director, Threat Intelligence & Research, Products. "Echobot has had an impact on 34% of companies worldwide, which shows how vital it is for organizations to ensure the installation of all patches and updates to their own networks, software and IoT devices."
The most common malware
The ranking of the most common threats in August does not change compared to the previous month: the first three places are held by XMRig, Jsecoin and Dorkbot.
The first two are cryptocurrency miners, while Dorkbot is an IRC-based worm designed to allow fraudsters to execute remote code.
As for threats for mobile devices, the main ones are, in order of dissemination, Lotoor, AndroidBauts and Triada.
Lotoor exploits known vulnerabilities of Android systems to get root permissions on infected mobile devices, while AndroidBauts is an Android adware capable of extracting information about IMEI, IMSI, GPS position and allowing the installation of third-party applications. Triada exploits the weaknesses of Android devices to grant administrative privileges to downloaded malware.