EwDoor Botnet Focuses on DDoS Attacks
The EwDoor Botnet is a relatively new project, which appears to be active in the United States. Although the project appears to have been online for just a few months, its creators are taking advantage of a very old vulnerability. The issue in question concerns AT&T enterprise network edge devices, and it has been public for over four years. Of course, the latest software patches make sure to fix this vulnerability – but many devices are running outdated and vulnerable firmware.
The exact range of devices that the EwDoor Botnet operators target are those belonging to the EdgeMarc Enterprise Session Border Controller (ESBC.) Unfortunately, this botnet's activity appears to be gaining pace – over 6,000 newly compromised devices were identified in just a few hours.
EwDoor Botnet Boasts Backdoor and DDoS Capabilities
All infected devices can receive commands from the attacker's command-and-control server. The implant of the EwDoor Botnet has basic backdoor abilities, which enable attackers to execute remote commands, manage files, and more. The primary purpose of the botnet appears to be carrying out distributed-denial-of-service (DDoS) attacks against selected websites and online services.
Because of EwDoor Botnet's young age, it is still impossible to tell whether its operators have larger plans for their campaign. This is one of the many botnets taking advantage of outdated vulnerabilities, by targeting devices running older software. Campaigns like the EwDoor Botnet are an important reminder why all devices and hardware exposed to the Internet must be properly secured – by using up-to-date firmware, and secure login credentials.