Botnet malware could infect NVRs and routers

A botnet malware could infect network video recorder (NVRs) and routers. In fact, a new Mirai-based botnet malware named "InfectedSlurs" has been actively exploiting two zero-day remote code execution (RCE) vulnerabilities to infect network video recorder (NVR) devices and routers. This malware campaign was discovered by Akamai's Security Intelligence Response Team through their global honeypots.

The "InfectedSlurs" malware hijacks the devices to make them part of its DDoS (distributed denial of service) swarm, presumably rented for profit.

Once InfectedSlurs infects a device, it adds the device to its botnet and can use it to launch distributed denial-of-service (DDoS) attacks. DDoS attacks are designed to overwhelm a target server with traffic, making it unavailable to legitimate users.

Akamai researchers believe that InfectedSlurs is likely being used for profit-driven DDoS attacks. They have observed the botnet targeting a variety of organizations, including financial institutions, government agencies, and internet service providers.

The cybersecurity company reports that the impacted vendors haven't patched the two exploited flaws yet; hence, details about them have been reserved for now.

Akamai's Security Intelligence Response Team first discovered the botnet in October 2023, noticing unusual activity on a rarely used TCP port targeting their honeypots.

The botnet leverages an undocumented RCE flaw to gain unauthorized access to the device. Further examination showed that the malware also uses default credentials documented in the vendor's manuals for multiple NVR products to install a bot client and perform other malicious activities.

Moving on, organizations should also consider implementing DDoS mitigation strategies to protect against attacks from InfectedSlurs and other botnets.

Dr. Deepak Kumar Sahu, President & CEO, VARINDIA