
A new variant of the InterPlanetary Storm malware has infected roughly 13,500 machines across 84 countries and counting, according to email security firm Barracuda Networks in its September Threat Spotlight research. InterPlanetary Storm was first uncovered in May 2019 as malware targeting Windows machines.

This new variant, which Barracuda researchers first detected in late August, also targets IoT devices, such as TVs running Android, and Linux-based machines, such as routers with a poorly configured SSH service. It gains access to these machines by running a dictionary attack against the SSH server, in the same way as FritzFrog, another peer-to-peer (p2p) malware.

Access to infected devices

It can also gain entry through open ADB (Android Debug Bridge) servers. The malware detects the CPU architecture and operating system of its victim and can run on ARM-based machines, an architecture that is common in routers and other IoT devices. While the purpose of this malware is not yet known, it is likely that the campaign operators will use their access to infected devices later for crypto mining, DDoS, or other large-scale attacks.

Some of the 84 countries that have so far reported cases of InterPlanetary Storm include Argentina, Australia, Belgium, Brazil, Canada, France, Germany, India, Spain, the United Kingdom and the United States. It spreads using SSH (Secure Shell) brute force and open ADB ports, and it serves malware files to other nodes in the network. The malware also provides a reverse shell and can run bash.
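The SSH dictionary attack described above leaves a characteristic trail in the sshd authentication log: a burst of "Failed password" lines from one source IP, cycling through usernames, followed by an "Accepted password" line from the same IP when the dictionary hits. The following script is an added example written for this page, not code from Barracuda or from the malware; it runs over a constructed sample of OpenSSH syslog lines (the IP addresses, hostnames and usernames are made up for illustration) and flags sources that show that pattern.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of OpenSSH auth lines in syslog format (not real captures).
# 203.0.113.7 walks a username list and finally logs in as root with a password;
# 198.51.100.5 is a legitimate key-based user with one typo.
SAMPLE_AUTH_LOG = """\
Sep 20 10:01:02 router sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Sep 20 10:01:03 router sshd[1203]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Sep 20 10:01:04 router sshd[1205]: Failed password for invalid user pi from 203.0.113.7 port 51026 ssh2
Sep 20 10:01:05 router sshd[1207]: Failed password for invalid user ubnt from 203.0.113.7 port 51028 ssh2
Sep 20 10:01:06 router sshd[1209]: Failed password for root from 203.0.113.7 port 51030 ssh2
Sep 20 10:01:07 router sshd[1211]: Accepted password for root from 203.0.113.7 port 51032 ssh2
Sep 20 10:05:30 router sshd[1300]: Accepted publickey for ops from 198.51.100.5 port 40010 ssh2
Sep 20 11:30:00 router sshd[1400]: Failed password for ops from 198.51.100.5 port 40020 ssh2
Sep 20 11:30:20 router sshd[1402]: Accepted publickey for ops from 198.51.100.5 port 40022 ssh2
"""

# Matches the standard OpenSSH "Failed/Accepted <method> for [invalid user] <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_events(log_text):
    """Yield (time, result, method, user, ip) for each sshd auth line; skip other sshd chatter."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; relative deltas are all we need here
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        yield ts, m["result"], m["method"], m["user"], m["ip"]


def find_dictionary_attacks(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed password logins inside any
    window_seconds window, and record whether a password login from that IP
    succeeded afterwards (the sign that the dictionary attack worked)."""
    by_ip = defaultdict(list)
    for ev in parse_events(log_text):
        by_ip[ev[4]].append(ev)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        failures = [e for e in events if e[1] == "Failed" and e[2] == "password"]
        # Sliding window over failure timestamps: any window holding >= threshold failures is a burst.
        burst, left = False, 0
        for right in range(len(failures)):
            while (failures[right][0] - failures[left][0]).total_seconds() > window_seconds:
                left += 1
            if right - left + 1 >= threshold:
                burst = True
                break
        if not burst:
            continue
        first_fail = failures[0][0]
        later_success = [e for e in events if e[1] == "Accepted" and e[0] >= first_fail]
        findings[ip] = {
            "failed_attempts": len(failures),
            "usernames_tried": sorted({e[3] for e in failures}),
            "password_login_after_burst": next(
                (e[3] for e in later_success if e[2] == "password"), None),
        }
    return findings


if __name__ == "__main__":
    for ip, info in find_dictionary_attacks(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```

On a real host the input would be /var/log/auth.log or the output of `journalctl -u ssh`; the threshold and window are tuning knobs, and a non-empty `password_login_after_burst` is the line that should page someone, because it means the device is now a node in the botnet.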

Multi-factor authentication

Fleming Shi, CTO for Barracuda Networks, comments: “This new variant of malware is extremely infectious and malicious, and it’s very likely that it will spread beyond the 84 countries which have already been impacted. Moving forward, it’s essential that tech users properly configure Secure Shell access on all devices."

"This means using keys instead of passwords, which will make access more secure. Furthermore, deploying a multi-factor authentication enabled VPN connection to a segmented network, instead of granting access to broad IP networks is vital, particularly if users wish to share access to secure shells without exposing the resource on the internet.”
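The key-only advice quoted above is easy to state and easy to get wrong in sshd_config: a later `PasswordAuthentication no` does not override an earlier `yes` (sshd uses the first value it reads for each keyword), and with PAM enabled, keyboard-interactive authentication can still prompt for a password. The following audit script is an added example written for this page, not Barracuda's or OpenSSH's code; the two config fragments are constructed, with the first showing the password-permitting setup that a dictionary attack exploits and the second applying the key-only configuration.

```python
import re

# Constructed sshd_config fragments (not from any real host).
WEAK_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (weak: accepts passwords, allows root)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
KbdInteractiveAuthentication yes
PubkeyAuthentication yes
"""

HARDENED_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (hardened: keys only, no root)
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
MaxAuthTries 3
AllowUsers ops
"""

# sshd defaults for the keywords audited here (OpenSSH 7.0 and later):
# password and keyboard-interactive auth are ON unless explicitly disabled,
# so a missing directive is as weak as an explicit "yes".
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}

# Pre-8.7 OpenSSH spelled the keyboard-interactive keyword differently.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return {keyword: value} for the global section, applying sshd's rule that
    the first occurrence of a keyword wins and later duplicates are ignored."""
    settings = dict(DEFAULTS)
    seen = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            break  # conditional overrides start here; this audit covers the global section only
        if key in seen:
            continue
        seen.add(key)
        settings[key] = value
    return settings


def audit_sshd_config(config_text):
    """Return a list of findings; an empty list means key-only access is enforced globally."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is enabled: a dictionary attack against SSH can succeed")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is enabled: PAM can still prompt for a password")
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled: keys cannot replace passwords")
    if s["permitrootlogin"] not in ("no", "prohibit-password", "forced-commands-only"):
        findings.append("PermitRootLogin permits password login as root")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["ok"])
```

On a live system, feed the script the output of `sshd -T`, which prints the configuration sshd will actually apply after include files and first-match resolution, rather than the raw file. The MFA-protected VPN and network segmentation in the quote are the outer layer: even a key-only sshd should not be reachable from the internet on a router or TV.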
