Source URL: https://www.theregister.com/2025/01/29/ddos_attacks_aquabot_mitel/
Source: The Register
Title: Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet
Feedly Summary: And now you won’t stop calling me, I’m kinda busy
A new variant of the Mirai-based malware Aquabot is actively exploiting a vulnerability in Mitel phones to build a remote-controlled botnet, according to Akamai’s Security Intelligence and Response Team.…
AI Summary and Description: Yes
Summary: The text details the emergence of a new variant of the Aquabot malware, called Aquabotv3, which exploits a vulnerability in Mitel phones to build a remote-controlled botnet used for DDoS attacks. Its distinguishing feature is that it reports back to its command-and-control server when it receives a signal meant to terminate it, a behaviour not previously seen in Mirai variants.
Detailed Description:
– **Emergence of Aquabotv3**:
– Aquabotv3 is a new Mirai-based variant that targets Mitel phone vulnerabilities.
– It is reported by Akamai’s Security Intelligence and Response Team.
– **Exploitation of Vulnerability**:
– Specifically exploits CVE-2024-41710, which affects several Mitel phone models.
– The flaw lets an attacker who can authenticate to the phone's administrative interface inject commands that run with root privileges; in practice that authentication hurdle is often cleared because devices are left with their default administrator passwords.
– **New Behavior in Botnet Communication**:
– This variant’s standout feature is that it reports back to its command-and-control (C2) server when it catches a “kill signal”, a behaviour not noted in earlier Mirai versions. (Only catchable signals such as SIGTERM can trigger such a handler; a process cannot intercept SIGKILL.)
– That feedback gives operators live telemetry on which bots are being discovered and cleaned up, suggesting a more adaptive and resilient design than the usual fire-and-forget Mirai fork.
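As an added illustration (not Akamai’s analysis code or the malware’s own source), the following C program shows the mechanism behind the “report on kill” behaviour and its limit. A child process installs a SIGTERM handler that phones home before exiting; here “phoning home” is one byte written to a pipe rather than a network send, and the function names and the pipe-based signalling are this example’s own assumptions. Sending SIGKILL instead terminates the child before any handler can run, which is why a responder who does not want to tip off the operator uses kill -9. Linux/POSIX only.

```c
/* Added example (not Akamai's or the malware's code): a child installs a SIGTERM
 * handler that "reports" before exiting, then we see what SIGTERM vs SIGKILL does.
 * Reporting is modelled as one byte on a pipe instead of a C2 message. Linux/POSIX. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int report_fd = -1;            /* write end of the "C2" pipe (child only) */

/* Handler: a real bot would send a message to its C2 here.
 * Only async-signal-safe calls are used: write(2) and _exit(2). */
static void on_kill_signal(int sig)
{
    (void)sig;
    char msg = 'K';
    if (report_fd >= 0)
        (void)write(report_fd, &msg, 1);
    _exit(0);
}

/* Fork a child that arms the handler, send it `sig`, and return 1 if the child
 * managed to report before dying, 0 if it died silently, -1 on setup error. */
int child_reports_on(int sig)
{
    int ready[2], report[2];
    if (pipe(ready) != 0 || pipe(report) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {                   /* child: the "bot" */
        close(ready[0]);
        close(report[0]);
        report_fd = report[1];

        struct sigaction sa;
        memset(&sa, 0, sizeof sa);
        sa.sa_handler = on_kill_signal;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGTERM, &sa, NULL);   /* catchable, so the handler will run */
        /* sigaction(SIGKILL, ...) would fail with EINVAL: SIGKILL cannot be caught */

        char go = 'R';
        (void)write(ready[1], &go, 1);   /* handler is armed: tell the parent */
        close(ready[1]);
        for (;;)
            pause();                      /* idle, like a bot awaiting commands */
    }

    /* parent: the "responder" */
    close(ready[1]);
    close(report[1]);
    char c;
    if (read(ready[0], &c, 1) != 1) {     /* wait until the handler is installed */
        close(ready[0]);
        close(report[0]);
        kill(pid, SIGKILL);
        waitpid(pid, NULL, 0);
        return -1;
    }
    close(ready[0]);

    kill(pid, sig);
    waitpid(pid, NULL, 0);

    char got = 0;
    ssize_t n = read(report[0], &got, 1); /* 0 bytes (EOF) means nothing was reported */
    close(report[0]);
    return (n == 1 && got == 'K') ? 1 : 0;
}

int main(void)
{
    printf("SIGTERM -> reported=%d\n", child_reports_on(SIGTERM));
    printf("SIGKILL -> reported=%d\n", child_reports_on(SIGKILL));
    return 0;
}
```

The same asymmetry applies to any user-space “tamper detection” a bot can build on signals: it sees SIGTERM, SIGINT or SIGHUP, but a SIGKILL from a responder, a watchdog reboot or a power cycle gives it nothing to report.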
– **Method of Operation**:
– Utilizes a command injection flaw that an attacker with administrative privileges on the device can exploit.
– The attacker writes a malicious command into a device configuration file; when the phone later processes that file, the injected command runs with root privileges and fetches and executes the Mirai-based payload.
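The injection pattern described above, as an added example rather than Mitel firmware or Aquabot code: a constructed configuration line whose value carries a trailing shell command, a consumer that splices the value into a shell string (vulnerable), and one that passes it as a single argv element to an exec call with no shell involved (hardened). /bin/echo stands in for whatever boot-time helper the real device runs; the config key, the line format and all function names are assumptions for illustration. Linux/POSIX only.

```c
/* Added example (not Mitel firmware or Aquabot code): a configuration value that is
 * spliced into a shell command becomes command injection; the same value passed as a
 * single argv element to exec without a shell does not. /bin/echo stands in for the
 * device's boot-time helper. Linux/POSIX only. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed config line: the attacker set "iface" through the admin UI and
 * appended a second command after a semicolon. The key name is hypothetical. */
static const char CONFIG_LINE[] = "iface=eth0; echo INJECTED";

/* Value part of "key=value", as a naive boot script would extract it. */
const char *config_value(const char *line)
{
    const char *eq = strchr(line, '=');
    return eq ? eq + 1 : line;
}

/* Drain `fd` into `buf` and return the number of newline-terminated lines. */
static int count_lines(int fd, char *buf, size_t n)
{
    size_t total = 0;
    ssize_t r;
    while (total < n - 1 && (r = read(fd, buf + total, n - 1 - total)) > 0)
        total += (size_t)r;
    buf[total] = '\0';
    int lines = 0;
    for (size_t i = 0; i < total; i++)
        if (buf[i] == '\n')
            lines++;
    return lines;
}

/* VULNERABLE: the value lands inside a shell command line, so the shell parses
 * the ';' and runs the attacker's second command. Output of both goes to `out`. */
int run_vulnerable(const char *value, char *out, size_t n)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "echo %s", value);   /* becomes: echo eth0; echo INJECTED */
    FILE *p = popen(cmd, "r");                       /* popen runs /bin/sh -c */
    if (!p)
        return -1;
    int lines = count_lines(fileno(p), out, n);
    pclose(p);
    return lines;
}

/* HARDENED: no shell is involved; the value is exactly one argument and is never
 * re-parsed, so "; echo INJECTED" is just text that echo prints back. */
int run_hardened(const char *value, char *out, size_t n)
{
    int fd[2];
    if (pipe(fd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        char *const argv[] = { "echo", (char *)value, NULL };
        execv("/bin/echo", argv);
        _exit(127);
    }
    close(fd[1]);
    int lines = count_lines(fd[0], out, n);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return lines;
}

int main(void)
{
    char out[512];
    const char *v = config_value(CONFIG_LINE);
    printf("vulnerable (%d lines):\n%s", run_vulnerable(v, out, sizeof out), out);
    printf("hardened   (%d lines):\n%s", run_hardened(v, out, sizeof out), out);
    return 0;
}
```

The vulnerable path prints two lines (eth0 and INJECTED) because the shell executed both commands; the hardened path prints one line containing the whole value verbatim. Input validation on the admin UI is still worthwhile, but the fix that actually removes the bug class is the one on the consuming side: never hand configuration data to a shell.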
– **Incident Detection**:
– Akamai’s global network detected exploit attempts in early January 2025 that closely resembled a publicly available proof-of-concept exploit.
– **Widespread Vulnerabilities**:
– Beyond the Mitel devices, Aquabot also spreads through several other known vulnerabilities, including the Hadoop YARN remote code execution flaw and the Linksys E-series RCE.
– **Security Implications**:
– Aquabotv3 shows botnet operators adding operational feedback to commodity Mirai forks, so defenders should expect these families to keep evolving rather than remaining static.
– For organizations running this class of hardware, the practical lessons are to replace default credentials and to apply vendor patches promptly.
– **Actionable Insight for Security Professionals**:
– Security professionals should change default administrative credentials on VoIP phones and similar appliances, restrict access to their management interfaces, and monitor for the outbound traffic a compromised device produces (C2 beacons, DDoS floods).
– Keeping firmware current and staying informed about newly exploited vulnerabilities and malware behaviour are necessary to defend against such evolving threats.
This analysis underscores the dynamic nature of the malware landscape and the need for proactive security measures in infrastructure security and compliance practice.