Your home router could be running slow as it has become part of the Matrix, according to a newly published report by Assaf Morag, the director of Aqua Nautilus threat intelligence at Aqua Security. Here’s what you need to know about this new and widespread cyber attack.
35 Million Machines Could Become Part Of The Matrix, Researchers Say
With almost 35 million devices being identified as vulnerable worldwide, threat intelligence researchers from Aqua Nautilus have warned that the Matrix could be slowing down internet speeds for home users of affected routers and exposing businesses to operational disruption, cybercrime and reputational damage.
The distributed denial-of-service campaign was masterminded by a threat actor called Matrix, Morag said, and “demonstrates a growing trend among threat actors to target vulnerabilities and misconfigurations across internet-connected devices, particularly IoT and enterprise systems.” In the case of Matrix, the DDoS campaign has combined public scripts, brute-force attacks and the exploitation of weak credentials to create a formidable botnet.
The Aqua Security report suggests that the Matrix threat actor is likely Russian, but with no direct targeting of Ukrainian victims, it would appear the motivation is purely financial rather than political in this instance. What the threat intelligence does highlight, however, is the continuing evolution of the DDoS threat within an ever-changing landscape “where even script kiddies can leverage open-source tools to execute sophisticated and large-scale campaigns,” Morag said.
Matrix Demonstrates How A One-Stop Shop For All Your DIY Cyber Attack Needs Is Possible
Morag mentioned script kiddies, those criminal hackers with a low degree of technical and coding skill, for a very good reason: several indicators suggest that Matrix is a single threat actor rather than a cybercrime group, and a script kiddie at that. None of which would appear to have stopped them from orchestrating a global attack on such a huge scale. “With the proliferation of artificial intelligence tools and an abundance of plug-and-play hacking tools,” Morag warned, “script kiddies now pose a greater threat than ever before.”
What is interesting, however, from the cybercrime evolutionary perspective at least, is how this attack campaign marks a hybridization of software development life cycle servers and internet-of-things devices. Traditionally, if such a term can apply to cybercrime, the former have largely been used for crypto mining activity and the latter for DDoS botnets. “This shift may signal an increasing interest in leveraging corporate vulnerabilities and misconfigurations for DDoS activities,” Morag said.
Although the campaign in and of itself could hardly be called sophisticated, what the Matrix threat actor has managed to do is highlight how a little technical know-how and a lot of easily accessible tools can combine to create a formidable DDoS botnet.
To escape the Matrix, you need to ensure your routers are updated with the latest firmware, have strong admin passwords and do not rely on default credentials.