“The enemy of my enemy is my friend.” Apparently, this proverb doesn’t sit well in the cybercriminal world as dissension has been sowed between hackers.
A new IoT botnet has been discovered that deploys honeypots to capture attacks from rival botnets and use that information to hijack their infrastructure. Dubbed ZHtrap, this botnet takes after Mirai and exploits vulnerabilities to target Netgear routers, Realtek-based devices, DVRs, and CCTV cameras. All the infected bots are then used to launch DDoS attacks.
Why does it matter?
The installation of the honeypot is a unique twist to ZHtrap as the software is used to collect the IP addresses of the scan&exploit rival bots. Netlab warned that despite the primary purpose of launching DDoS attacks, ZHtrap carries advanced functionalities. Three versions of the botnet have been detected all of which are under constant development and upgrade.
Is that all?
No. Another instance of hackers against hackers came forth when the now-defunct WeLeakInfo data breach site was breached. A threat actor was spotted selling stolen databases containing details of 24,000 customers in another hacker forum - RaidForums. The leaked information contained full names, addresses, email addresses, IP addresses, partial credit card info, Stripe reference numbers, and amounts paid for stolen data.
What do experts recommend?
- Never share personal information over email, phone, or texts.
- Implement MFA.
- Monitor financial transactions.
- Update your software.
The bottom line
It all boils down to the fact that if hackers can even go against each other for maximum financial gains, the only thing to protect yourself from such threats is to have a robust, integrated security infrastructure.