'Amnesia' IoT botnet feasts on year-old unpatched vulnerability
New variant of 'Tsunami' is a disaster waiting to happen
Hackers have brewed up a new variant of the IoT/Linux botnet "Tsunami" that exploits a year-old but as yet unresolved vulnerability.
The Amnesia botnet targets an unpatched remote code execution vulnerability publicly disclosed more than a year ago in DVR (digital video recorder) devices made by TVT Digital and branded by over 70 vendors worldwide.
The vulnerability affects approximately 227,000 devices around the world with Taiwan, the United States, Israel, Turkey, and India being the most exposed, specialists at Unit 42, Palo Alto Networks' threat research unit, warn.
The Amnesia botnet is yet to be abused to mount a large-scale attack but the potential for harm is all too real.
"Amnesia exploits this remote code execution vulnerability by scanning for, locating, and attacking vulnerable systems," the researchers warn. "A successful attack results in Amnesia gaining full control of the device. Attackers could potentially harness the Amnesia botnet to launch broad DDoS attacks similar to the Mirai botnet attacks we saw in Fall [autumn] 2016."
El Reg asked TVT Digital, based in Shenzhen, China, for a response to Palo Alto's warning but are yet to receive a reply. We'll update the story as and when we hear more. ®
Sponsored: Becoming a Pragmatic Security Leader