A new wave of cyberattacks is leveraging a recently discovered vulnerability to expand the notorious Mirai botnet. Threat actors are actively exploiting CVE-2024-3721, a critical security flaw primarily affecting certain internet-connected recording devices manufactured by TBK. Specifically, this campaign is targeting TBK brand Digital Video Recorders (DVRs) and Network Video Recorders (NVRs) that remain unpatched.
The vulnerability allows attackers to gain unauthorized access and execute arbitrary code on vulnerable devices. By exploiting this weakness, the Mirai botnet operators can compromise these systems and recruit them into their vast network of compromised devices. Once part of the botnet, these DVRs and NVRs can be used to launch large-scale distributed denial-of-service (DDoS) attacks, overwhelming targets with malicious traffic.
This development highlights the ongoing risk posed by unsecure internet-connected devices, often referred to as the Internet of Things (IoT). Many older or poorly maintained IoT devices have known vulnerabilities that, if left unaddressed, become prime targets for botnets like Mirai.
To protect against this specific threat and similar future attacks, owners and administrators of TBK DVRs and NVRs are strongly urged to take immediate action. The most critical step is to apply the necessary security updates or patches provided by the manufacturer as soon as they are available. If updates are not possible or readily available, consider isolating the devices from the public internet using firewalls or virtual private networks (VPNs) and place them on a segmented network where they cannot be directly reached from the outside world. Regularly reviewing and updating the firmware of all internet-connected devices is a fundamental aspect of maintaining good cybersecurity posture. Ignoring these vulnerabilities leaves devices exposed and vulnerable to exploitation by malicious actors looking to expand their botnets and launch disruptive attacks. Proactive security measures are essential in combating the evolving landscape of IoT threats.
Source: https://securityaffairs.com/178779/malware/new-mirai-botnet-targets-tbk-dvrs-by-exploiting-cve-2024-3721.html
