Infrastructure

The primary method of propagation is via home routers such as GPON, DD-WRT and Tomato routers. Muhstik uses IRC servers for Command & Control (C2) to send instructions to the compromised systems. The botnet abuses the following vulnerabilities to compromise web systems:
- Oracle WebLogic Server bugs (CVE-2019-2725 and CVE-2017-10271)
- Drupal RCE flaw (CVE-2018-7600)

Impact

- User data could be at risk.
- Cryptomining is a resource-intensive operation that consumes the computational power of the target information systems.
- Once the attacker hijacks the router, they also take control of the user traffic.
- Security incidents lead to business loss, mainly of revenue and reputation.
- Botnet compromise and the consequent heavy resource utilization of cryptomining processes limit users' access to services provided by the information systems.
- Weakens the overall security posture of the business, affecting client relationships.
- Adverse impact on the confidentiality and integrity of data associated with the organization.

Mitigation

- Effective vulnerability management of both hardware and software
- Updated EDR/XDR solutions to detect anomalies on the host system
- IDPS solutions to thwart the possibility of an attack