Cyber Threat Intel


Key Vulnerabilities

The CVEs below were among a host of vulnerabilities exploited by a new botnet, Enemybot, to actively compromise vulnerable modems, routers and Internet of Things (IoT) devices. All the botnet versions incorporated exploits for these vulnerabilities.

CVE-2020-17456: A critical remote code execution (RCE) flaw (CVSS 9.8 | OVS: 35) in Seowon Intech SLC-130 and SLR-120S routers.
CVE-2018-10823: A high-severity RCE flaw (CVSS 8.8 | OVS: 40) affecting multiple D-Link DWR routers.
CVE-2022-27226: A high-severity arbitrary cronjob injection flaw (CVSS 8.8 | OVS: 39) impacting iRZ mobile routers.

Key Intelligence Reports

New botnet Enemybot targets vulnerable modems, routers and Internet of Things (IoT) devices. (OVS: 76)
Hacktivist collectives claim breach of multiple Russian critical infrastructure entities. (OVS: 74)
Emotet increases and spreads activity, introducing 64-bit loaders and stealer modules. (OVS: 73)

Analyst Comment

Our selection of key IntReps and vulnerabilities this week illustrates the continued threat posed by botnets. In the case of Emotet, the botnet appears to be regaining momentum following a coordinated law enforcement operation in early 2021 that dismantled its infrastructure. Emotet has been rebuilding since November 2021, as underlined by its partnership with Conti ransomware operators. Emotet can be used as a first-stage loader that provides ransomware operators with initial access from which they can deploy their payload. By testing 64-bit loaders and stealer modules, the botnet’s developers are seeking to improve its capabilities and make their activity more difficult for security mechanisms to identify.

This reporting period also highlighted substantial hacktivist activity, led by Anonymous, who claimed responsibility for five breaches against various Russian private and public entities. Anonymous has been actively targeting Russian organisations since the beginning of the conflict in February 2022, and we assess that further compromises will occur as Russia’s invasion of Ukraine continues.

What is OVS?

The Orpheus Vulnerability Score (OVS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding context on the likely threat to and impact of CVEs, building upon the vulnerability information provided by the CVSS (Common Vulnerability Scoring System) score.