
A new variant of the InterPlanetary Storm malware has infected roughly 13,500 machines across 84 countries and counting, according to email security firm Barracuda Networks' September Threat Spotlight research. InterPlanetary Storm was first uncovered in May 2019 as malware built to target Windows machines.

This new variant, which Barracuda researchers first detected in late August, now also targets IoT devices, such as TVs running the Android operating system, and Linux-based machines, such as routers with misconfigured SSH services. It gains access to machines by running a dictionary attack against the SSH server, similar to FritzFrog, another peer-to-peer (p2p) malware.

Access to infected devices


It can also gain entry through open ADB (Android Debug Bridge) servers. The malware detects the CPU architecture and operating system of its victims, and it can run on ARM-based machines, an architecture that is common in routers and other IoT devices. While the purpose of this malware is not yet known, the campaign operators will likely retain access to infected devices so they can later be used for crypto mining, DDoS, or other large-scale attacks.

Some of the 84 countries which have so far reported cases of the InterPlanetary Storm malware include Argentina, Australia, Belgium, Brazil, Canada, France, Germany, India, Spain, the United Kingdom and the United States. The malware spreads using SSH (Secure Shell) brute force and open ADB ports, and it serves malware files to other nodes in the network. It also provides a reverse shell and can run a bash shell.

Multi-factor authentication

Fleming Shi, CTO for Barracuda Networks, comments: “This new variant of malware is extremely infectious and malicious, and it’s very likely that it will spread beyond the 84 countries which have already been impacted. Moving forward, it’s essential that tech users properly configure Secure Shell access on all devices."

"This means using keys instead of passwords, which will make access more secure. Furthermore, deploying a multi-factor authentication enabled VPN connection to a segmented network, instead of granting access to broad IP networks is vital, particularly if users wish to share access to secure shells without exposing the resource on the internet.”
