A new variant of the Mirai botnet malware Aquabot, known as Aquabotv3, is causing havoc by exploiting a flaw in Mitel phones.
The compromised phones are then used to build a network of compromised devices for launching DDoS attacks.
What is Aquabotv3 botnet malware?
The Aquabotv3 botnet is a new variant of the Mirai-based botnet malware, Aquabot.
This malware which first appeared in November 2022 however this latest version exploits a command injection vulnerability in Mitel phones that incorporate devices into its bot network.
Aquabotv3 botnet malware leverages the Mirai framework. Mirai is the the world's notorious malware botnet that targets internet of things (IoT) devices to launch massive Distributed Denial of Service (DDoS) attacks.
DDos attacks maliciously flood targets with overwhelming traffic, disrupting servers and ultimately making them inoperable.
Read: Cloudflare Fends Off Largest Ever DDoS Attack
Aquabotv3 targets a vulnerability in Mitel 6800, 6900, and 6900w series SIP phones. These phones are typically used in enterprises, government agencies, corporate offices hospitals, schools, hotels, and banks.
Aquabotv3 gains control of these devices and can execute commands, taking full control.
A unique feature of Aquabotv3 is its ability to report back to its command-and-control server when it detects attempts to mitigate the attack. This is designed to help the botnet operators maintain control.
How to Prevent Botnet Attacks?
Botnet attacks pose a serious threat to our devices but there are steps you can take to fortify your defenses,
1. Install Software Updates
Software updates are the main defense against botnet attacks. These updates function like security patches, continuously reinforcing your devices' resilience against vulnerabilities that attackers exploit.
If you use Mitel phones, it's crucial to update them with the latest security patches to fix the vulnerability.
Unpatched software vulnerabilities are weaknesses. Botnets exploit unpatched software vulnerabilities to gain access and infect devices with malware. This malware can then turn your device into part of a botnet, unknowingly participating in attacks or having its data stolen.Software companies constantly identify and address these weaknesses through security patches delivered in updates.
2. Use Strong Passwords
A weak password is easy for attackers to guess or decrypt using automated tools. Botnets can leverage these tools to try millions of password combinations in a short amount of time, giving them a high chance of success.
Once they gain access, they can steal your data, launch attacks from your device, or even add it to their botnet army. In dictionary attacks they will try common words, phrases, and names found in dictionaries or leaked password databases. Brute-force Attacks systematically try every possible password combination until they find the correct one.
This method is time-consuming for strong passwords but can be effective for weak ones. Credential stuffing utilizes usernames and password combinations leaked from other data breaches and try them on different accounts.
Read: Ubiquiti Routers Hijacked in Russia-Linked Cyber Attack
Strong passwords make it significantly harder for botnets to break into your account. Longer passwords offer more possible combinations, making them more difficult to guess or through brute-force attacks.
Using a combination of uppercase and lowercase letters, numbers, and symbols creates a more complex password that is harder for automated tools to predict. Avoid using the same password for multiple accounts. If a botnet cracks your password for one account, it won't work for others if they are unique. Don't use personal information like your name, birthday, or pet's name in your passwords, as these can be easily guessed.
3. Antivirus and Anti-Malware
Botnets like Aquabotv3 rely on malware to compromise devices. This malware can be delivered through various methods, such as phishing emails, malicious website downloads, or infected USB drives. Once installed, the malware establishes communication with the botnet's central server, transforming your device into a bot under attacker control.
Read: Bigpanzi Botnet Hijacks Android TVs to Channel Malware
4. Improve Network Security
Secure your Wi-Fi network with a strong password and encryption. Be sure to change the default password that comes with your router and avoid using easily guessable passwords.
Consider creating a separate guest network for visitors. This isolates their devices from your main network devices limiting the damage if a guest device is compromised.
Most routers have built-in firewalls that act as a filter, monitoring incoming and outgoing traffic. Enable your firewall for an extra layer of protection. It can help block suspicious traffic that might be associated with botnet activity.
Dealing with botnets requires multilayered defence but by adopting these practices and maintaining a proactive approach to your cybersecurity, you can safeguard your devices from attacks.
