New Satori variant leverages D-Link router vulnerability to ensnare new devices

Security experts have identified an uptick in malicious botnet activity including adding more devices to the notorious Satori botnet. Hackers have been taking advantage of the recently discovered device exploits, specifically targeting D-Link DSL-2750B devices.

Experts have discovered the author behind Satori has released a new variant that exploits a critical vulnerability in D-Link DSL routers. Lack of patches, IoT devices using default usernames and passwords, and lackadaisical attitude towards IoT security have only been helping Satori, researchers said.

Netlab 360 researchers said they observed the Satori botnet scanning for open ports 80 and 8000 on the internet. They also noted the updated malware now propagates as a worm.

Satori’s notorious history

Satori botnet is a variant of Mirai that first came to light in late 2017 after the botnet managed to infect more than 260,000 home routers within 12 hours. The botnet adds infected devices to its network to carry out multiple nefarious activities including launching distributed denial of service (DDoS) attacks to cripple networks, mine digital coins, and more..

According to Netlab 360 researchers, the new variant has already launched at least two DDoS attacks.

What should end users do to stay safe?

If you are using vulnerable routers or D-Link DSL-2750B devices, you must take preemptive steps against the botnet. Disable remote administration, and make sure you have changed the default login credentials of the device. Install updates in your devices regularly to patch vulnerabilities and thwart botnet attacks.

End user alone can’t tackle this issue

End users and device owners can only do so much to stop Satori or any other malicious attacks launched against the IoT devices. It has been observed several times that most of the IoT devices are shipped to the end users with out-of-date, unsecured software vulnerable to several malware attacks.

Manufacturers also rarely update this software indicating the attitude towards IoT security needs to change. As the number of connected devices continues to increase exponentially, it is critical for all entities - from manufacturing to end users - to take on responsibility to secure systems against malicious attackers.