Across its global honeypots, the Akamai Security Incident Response Team ( SIRT ) has noticed an increase in activity targeting a TCP port that is rarely used.  ,
The investigation, which was carried out in late October 2023, identified two zero-day exploits that were actively used in the wild and revealed a certain HTTP exploit path.  ,
While the second attack targeted outlet-based wireless LAN routers for hotels and residential applications, the first exploit targeted network video recorders ( NVRs ) used in CCTV and security camera devices.
The NVR devices used default operational credentials, which are frequently documented by the manufacturer, according to additional analysis. A fix being developed by the vendor is expected to be available in December 2023. Details about the disturbed model’s release are being withheld by the router vendor until the patch is complete.
The older JenX Mirai malware variant was mostly used by the Akamai SIRT to identify the campaign’s origins as a Mirii botnet activity cluster. Notably, the command-and-control ( C2 ) domains used derogatory language and racial slurs. The campaign’s malware samples resembled the initial Mirai botnet in many ways.
New Mirai Variant Campaigns Are Targeting IoT Devices: More Information
The Snort and YARA rules, SHA256SUMs of malware samples andnbsp, and C2 domains were all shared by the researchers as indicators of compromise. To inform affected vendors, the SIRT is working with CISA/US- CERT and JPCERT.  ,
Checking and altering the default credentials on Internet of Things ( IoT ) devices, isolating weaker ones, and putting in place DDoS security controls are all suggested mitigation measures.
The expert states that” threats like botnets and ransomware rely on default passwords that are frequently widely known and easily available for propagation.” The likelihood of unauthorized access and possible security breaches decreases the more challenging it is for a threat to move about.
The importance of honeypots in cybersecurity and the requirement for organizations to be aware of new threats are highlighted in the Akamai blog post’s conclusion. When vendors and CERTs have finished the responsible disclosure process, the SIRT intends to publish a follow-up blog post with more information.
