First discovered in 2014, Gafgyt (also known as Bashlite) generally targets vulnerable IoT devices such as Huawei routers, Realtek routers, and ASUS devices, and in turn also uses exploits to hack and access computers. According to the researchers, the Gafgyt malware variants have a very similar functionality to Mirai, since most of the code was copied.<\/p>\n\n\n\n
Meanwhile, the latest versions of Gafgyt contain new approaches to achieving the initial engagement of IoT devices, Uptycs discovered; This is the first step in turning infected devices into bots and then DDoS attacks on specific IP addresses. These include a module copied from Mirai for Telnet brute force and additional exploits for existing vulnerabilities on Huawei, Realtek and GPON devices.<\/p>\n\n\n\n
Recent versions of Gafgyt also incorporate a brute-force telnet scanner, copied from Mirai, as well as the GPON exploit (CVE-2018-10561), which is used to bypass authentication on vulnerable Dasan GPON routers.<\/p>\n\n\n\n
IoT botnets like Gafgyt are constantly evolving. For example, researchers in March discovered what they said is the first variant of the Gafgyt botnet family that hides its activity using the Tor network and thus botnets are a threat that should not be ignored.<\/p>\n\n\n\n
Malware authors may not always innovate, and researchers often find that malware authors copy and reuse leaked malware source code, \u201dUptycs said. To prevent such attacks, users should regularly monitor suspicious processes, events, and network traffic generated by running any untrusted binaries, and keep systems and firmware up-to-date with the latest versions and patches remember that you can never be prepared enough.<\/p>\n\n\n\n
Check also: First discovered in 2014, Gafgyt (also known as Bashlite) generally targets vulnerable IoT devices such as Huawei routers, Realtek routers, and ASUS devices, and in turn also uses exploits to hack and access computers. According to the researchers, the Gafgyt malware variants have a very similar functionality to Mirai, since most of the code was […]<\/p>\n","protected":false},"author":1,"featured_media":2477,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[36],"class_list":["post-2476","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"\n
DDoS attacks increased 350% after lockdown<\/a>
What are the most common DDoS attacks<\/a>
FreakOut \u2013 A Botnet targeting Linux<\/a>
IPStorm \u2013 What we know about this botnet<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"