All About Satori Botnet
With each passing day it is becoming more and more difficult to keep our devices protected. Every second day we hear about a more dangerous threat targeting our machine in one way or the other. Attackers are one step ahead of us, the moment a new technology is created they know it’s vulnerability.
Mirai botnet is again in the news headlines for its updated variant Satori.
What is Satori?
Satori is a derivative of Mirai and exploits vulnerabilities in 2 devices: SOAP service in Realtek SDK and in Huawei home router HG532 targeting port 37215. Till today three variants of Satori have been identified, the first of these appeared in 2017 just before these recent attacks were noticed. The first targeted Audio Return Channel (ARC) chipsets used in wide range of applications including automotive, industrial and IoT. Satori the name is based on the Japanese word “awakening”.
What is Audio Return Channel?
ARC is a protocol that offers two-way communication between devices over a single HDMI connection. It lets user use HDMI as both an input and an audio output.
How Does Satori Work?
Like other Satori variants this one also uses Mirai code base and is designed to spread through credential scanning. Meaning the malware can infect any Audio Return Channel ARC device using the default or easy to crack username and password. Plus, it can exploit programming vulnerabilities in the device firmware.
Satori bot fills the target with manually created UDP or TCP packets and then tries to resolve the IP address of a C&C server using DNS request with a hardcoded domain name. The C&C server in return provides packet used for the attack and passes an individual IP for attack.
Till now the bot has been targeting wrangles routers, security cameras, and other IoT devices but now cryptocurrency is also on its target.
How to Stay Protected from Such Attacks?
It isn’t difficult to protect our devices from being attacked what one needs is to cautious. Most of us don’t pay attention to the warning message due to which we fall prey for such attacks. To stay protected keep following points in mind:
- Run firewall and configure the in-built firewall function.
- Avoid using default password for any of your devices.
- Always created alphanumeric passwords that are hard to guess.
- Install a firewall at the carrier side.
Also Read: How to Avoid Data Breach
Satori bot is a clear example that shows how smart attackers are becoming. It doesn’t take much time for them to identify a vulnerability and use it perform an attack. It is rightly said there are zero-day exploits so we need to be ready in time before anything wrong happens. DDoS attacks are becoming prevalent and with more and more devices getting connected the risk is even more bigger. We won’t be able to know when a device will be exploited and will be used to create a bot army and attack other devices.