Researchers say attackers are exploiting a flaw in the device monitoring program Cacti to install malware on vulnerable endpoints.
Researchers at The Shadowserver Foundation discovered multiple attempts to exploit the major command injection vulnerability, CVE-2022-46169.
Attackers have been seen using this serious vulnerability to distribute the Mirai malware and an IRC botnet. Several threat actors were spotted only verifying the vulnerability, for use in future attacks.
Thousands of instances are still unpatched
Mirai is malware that infects Linux-based smart home equipment, such as IP cameras and home routers, and integrates it into a network known as a botnet. Distributed Denial of Service (DDoS) attacks launched from the botnet can cause service interruptions and even website outages.
The IRC botnet was seen launching a reverse shell on the host and using it to run a port scan on the endpoint.
Around ten exploitation attempts in total were discovered during the last week.
According to research by Censys, approximately 1,600 unpatched Cacti instances are accessible through the internet, and this number is certain to grow.
Censys found a total of 6,427 hosts running Cacti. Censys lamented, “Unfortunately, the only time we can view the precise operating software version is when a special theme (sunrise) is activated on the online application.” Nonetheless, 1,637 hosts were found to be accessible through the internet and susceptible to CVE-2022-46169, with the vast majority (465) using version 1.1.38, which was issued over a year ago.
More worryingly, Censys has seen just 26 instances running a patched, non-vulnerable version.
The best way to protect your devices from such attacks is, as always, to run up-to-date software on every one of them.