{"id":2949,"date":"2024-11-17T13:51:32","date_gmt":"2024-11-17T13:51:32","guid":{"rendered":"https:\/\/aegislens.com\/home\/?p=2949"},"modified":"2024-11-17T13:51:32","modified_gmt":"2024-11-17T13:51:32","slug":"understanding-the-botnet-attack-unmasking-the-geovision-zero-day-exploit-utilized-to-deploy-mirai-malware","status":"publish","type":"post","link":"https:\/\/aegislens.com\/home\/understanding-the-botnet-attack-unmasking-the-geovision-zero-day-exploit-utilized-to-deploy-mirai-malware\/","title":{"rendered":"Understanding the Botnet Attack: Unmasking the GeoVision Zero-Day Exploit Utilized to Deploy Mirai Malware"},"content":{"rendered":"<p><html><br \/>\n<head><br \/>\n<title>Botnet Exploits GeoVision Zero-Day to Install Mirai Malware<\/title><br \/>\n<\/head><br \/>\n<body><\/p>\n<h1>Botnet Exploits GeoVision Zero-Day to Install Mirai Malware<\/h1>\n<p>A recently seen botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them into a malicious network, presumably for Distributed Denial of Service (DDoS) or cryptomining attacks.<\/p>\n<p>The botnet deploys the notorious Mirai malware, known for large-scale network disruptions.<\/p>\n<h2>Vulnerability Exploitation<\/h2>\n<p>The botnet relies on a particular exploit against GeoVision devices, namely IP cameras and recording systems that have reached end of life.<\/p>\n<p>Identified as CVE-2020-3928, the vulnerability is a zero-day, meaning that it was unknown to GeoVision and the public until the attackers started using it.<\/p>\n<p>To exploit the vulnerability, the botnet sends specially crafted requests to the target GeoVision devices.<\/p>\n<p>Upon successful exploitation, the botnet installs the Mirai malware, forcing the compromised devices into the botnet, ready to execute commands from the threat actors.<\/p>\n<h2>The Dangers of Mirai<\/h2>\n<p>Mirai malware is notorious in the cybersecurity 
landscape.<\/p>\n<p>It was responsible for a significant DDoS attack in 2016, disrupting services like Twitter, Netflix, and Reddit.<\/p>\n<p>Jwt, part of the Mirai family, has recently been seen <a href=\"https:\/\/thehackernews.com\/2021\/02\/govr-flaw-not-patched-party-like-its.html\">targeting various IoT devices<\/a>, showing its viability and threat to outdated and unpatched systems.<\/p>\n<h2>Protective Measures<\/h2>\n<p>The leading way to safeguard vulnerable devices from this and similar attacks is to implement rigorous security standards, ensuring equipment is up to date and patched.<\/p>\n<p>Physical security should not be neglected, as direct access to devices can allow compromise even without network-based vulnerabilities.<\/p>\n<p>For users of GeoVision devices, it&#8217;s crucial to transition to supported hardware and keep software up to date with the manufacturer&#8217;s latest releases.<\/p>\n<p>Companies should also recognize and practice the principle of least privilege, allowing only necessary access levels to devices and software to restrict potential avenues of exploitation.<\/p>\n<h2>Continued Vigilance<\/h2>\n<p>Botnets and malware, such as those seen in this latest attack with the GeoVision zero-day and the Mirai botnet, continue to exemplify the evolving cybersecurity landscape.<\/p>\n<p>Businesses, governments, and individuals must remain vigilant and proactive to combat these threats and maintain the security of their vital systems.<\/p>\n<h3>Follow-Up Reading<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/massive-botnet-chews-through-20k-wordpress-sites\/d\/d-id\/1340663?\">Massive Botnet Chews Through 20,000 WordPress Sites (Dark Reading)<\/a><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/mirai-botnet-exploits-tv-broadcasting-company\/\">Mirai Botnet Exploits TV Broadcasting Company (ZDNet)<\/a><\/li>\n<li><a 
href=\"https:\/\/www.welivesecurity.com\/2020\/07\/08\/newly-discovered-vulnerability-puts-iot-devices-risk\/\">Newly Discovered Vulnerability Puts IoT Devices at Risk (WeLiveSecurity)<\/a><\/li>\n<\/ul>\n<p><\/body><br \/>\n<\/html><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Botnet Exploits GeoVision Zero-Day to Install Mirai Malware Botnet Exploits GeoVision Zero-Day to Install<\/p>\n","protected":false},"author":1,"featured_media":2985,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,5],"tags":[],"class_list":["post-2949","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-news","pmpro-has-access"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/2949","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/comments?post=2949"}],"version-history":[{"count":1,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/2949\/revisions"}],"predecessor-version":[{"id":2956,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/posts\/2949\/revisions\/2956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/media\/2985"}],"wp:attachment":[{"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/media?parent=2949"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ae
gislens.com\/home\/wp-json\/wp\/v2\/categories?post=2949"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aegislens.com\/home\/wp-json\/wp\/v2\/tags?post=2949"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}