Cybersecurity researchers at Qualys have uncovered a significant new threat in the IoT security landscape: the Murdoc botnet, a variant of the notorious Mirai malware. Since its emergence in July 2024, this malicious network has compromised more than 1,370 devices, primarily in Southeast Asia and Latin America.
Technical Analysis of the Murdoc Botnet Attack Vector
The Murdoc botnet employs a multi-vector attack strategy, leveraging two critical vulnerabilities: the recently discovered CVE-2024-7029 affecting Avtech IP cameras and the previously known CVE-2017-17215 in Huawei HG532 routers. The infection process uses multi-stage payload delivery, with payloads tailored to the different device architectures the botnet targets, which demonstrates the operators' adaptability.
Vulnerability Assessment and Global Impact
According to Censys platform data, there are currently 37,995 vulnerable Avtech cameras exposed on the internet. The highest concentration of vulnerable devices has been identified in Taiwan, Vietnam, Indonesia, the United States, and Sri Lanka. The threat actors have established an extensive command and control infrastructure, utilizing over 100 C2 servers to maintain control over the compromised devices.
Critical Analysis of CVE-2024-7029 Vulnerability
The CVE-2024-7029 vulnerability, affecting Avtech AVM1203 IP cameras, centers on a flaw in the brightness adjustment functionality. This security gap enables unauthenticated attackers to execute arbitrary commands through specially crafted requests. The situation is especially serious because no patch is available: the manufacturer has discontinued support for these devices, which reached end-of-life status in 2019.
Technical Impact and Attack Methodology
The primary objective of the Murdoc botnet operators appears to be the orchestration of large-scale DDoS attacks, following the typical pattern of Mirai-based botnets. The malware demonstrates sophisticated capabilities in device enumeration, exploitation, and payload delivery, making it a significant threat to vulnerable IoT infrastructure.
This emerging threat underscores the importance of robust IoT security measures. Organizations and individual users should promptly conduct comprehensive device audits, focusing on identifying and addressing potential vulnerabilities. Key recommendations include implementing network segmentation for IoT devices, regularly updating firmware where possible, and replacing end-of-life devices that no longer receive security updates. The situation is a stark reminder that inadequate IoT security practices can have severe consequences in an increasingly connected world.
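The device audit and the three recommendations above can be expressed as a simple inventory check. The following Python script is an added example, not code from the article, Qualys or Censys: it walks a constructed device inventory, flags devices whose model is named in the article as vulnerable (Avtech AVM1203 with CVE-2024-7029, Huawei HG532 with CVE-2017-17215) or as end-of-life (the AVM1203, since 2019), and raises segmentation, stale-firmware and internet-exposure findings. The IoT VLAN number, the one-year firmware-age policy, the hostnames, dates and the third device model are assumptions made for illustration.

```python
"""Added example: audit an IoT inventory against the article's recommendations.
Not the article's or any vendor's tool; inventory data below is constructed."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Models and CVEs as named in the article. The AVM1203 EOL year (2019) is from
# the article; no EOL year is recorded for the HG532 because the article gives none.
KNOWN_VULNERABLE = {
    ("avtech", "avm1203"): "CVE-2024-7029",
    ("huawei", "hg532"): "CVE-2017-17215",
}
END_OF_LIFE = {("avtech", "avm1203"): 2019}

IOT_VLAN = 20      # assumption: the VLAN reserved for segmented IoT devices
STALE_DAYS = 365   # assumption: firmware older than one year warrants a check


@dataclass
class Device:
    hostname: str
    vendor: str
    model: str
    vlan: int
    firmware_date: date
    internet_exposed: bool = False


@dataclass
class Finding:
    hostname: str
    issue: str
    action: str


def audit_device(dev: Device, today: date) -> list[Finding]:
    """Return every policy finding for one device, most severe first."""
    key = (dev.vendor.lower(), dev.model.lower())
    findings: list[Finding] = []
    is_eol = key in END_OF_LIFE
    if is_eol:
        findings.append(Finding(dev.hostname,
                                f"end-of-life since {END_OF_LIFE[key]}, no vendor updates",
                                "replace device"))
    if key in KNOWN_VULNERABLE:
        # An EOL device cannot be patched, so isolation is the only interim fix.
        action = "isolate until replaced" if is_eol else "apply vendor firmware fix"
        findings.append(Finding(dev.hostname,
                                f"known vulnerability {KNOWN_VULNERABLE[key]}", action))
    if dev.internet_exposed:
        findings.append(Finding(dev.hostname, "management interface reachable from the internet",
                                "remove internet exposure"))
    if dev.vlan != IOT_VLAN:
        findings.append(Finding(dev.hostname, f"not on IoT segment (VLAN {dev.vlan})",
                                f"move to VLAN {IOT_VLAN}"))
    if (today - dev.firmware_date).days > STALE_DAYS:
        findings.append(Finding(dev.hostname, f"firmware dated {dev.firmware_date} is stale",
                                "check for firmware update"))
    return findings


def audit_inventory(devices: list[Device], today: date) -> dict[str, list[Finding]]:
    """Audit every device; devices with no findings map to an empty list."""
    return {dev.hostname: audit_device(dev, today) for dev in devices}


def replacement_candidates(report: dict[str, list[Finding]]) -> list[str]:
    """Hostnames whose only adequate remediation is replacement."""
    return sorted(h for h, fs in report.items() if any(f.action == "replace device" for f in fs))


# Constructed sample inventory (hostnames, VLANs, dates and the "acme t100" model are made up).
AUDIT_DATE = date(2025, 1, 20)
SAMPLE_INVENTORY = [
    Device("cam-lobby", "Avtech", "AVM1203", vlan=10,
           firmware_date=date(2018, 6, 1), internet_exposed=True),
    Device("edge-router", "Huawei", "HG532", vlan=10, firmware_date=date(2023, 11, 15)),
    Device("sensor-hvac", "Acme", "T100", vlan=20, firmware_date=date(2024, 10, 1)),
]

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE).items():
        print(f"{host}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  - {f.issue} -> {f.action}")
    print("replace:", replacement_candidates(audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE)))
```

Running the script lists five findings for the end-of-life camera, three for the router (known CVE, wrong VLAN, stale firmware) and none for the segmented, recently updated sensor; only the camera lands in the replacement list, because an EOL device with an unpatched vulnerability cannot be brought into compliance by updating or segmentation alone.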