{"id":4165,"date":"2022-12-26T19:54:03","date_gmt":"2022-12-26T18:54:03","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4165"},"modified":"2022-12-26T21:16:47","modified_gmt":"2022-12-26T20:16:47","slug":"zerobot-botnet-postaje-rastuca-prijetnja","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2022\/12\/26\/zerobot-botnet-postaje-rastuca-prijetnja\/","title":{"rendered":"Zerobot botnet becomes a growing threat"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Malicious actors have upgraded the <em>Zerobot <a href=\"https:\/\/sajberinfo.com\/en\/2022\/04\/24\/botnet\/\" target=\"_blank\" rel=\"noopener\">botnet<\/a><\/em>, adding significant improvements that now allow it to attack many more Internet-connected devices.<\/span><\/p>\n<div id=\"attachment_4169\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4169\" class=\"size-full wp-image-4169\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/cyber-g1adf44aa3_1920.jpg\" alt=\"cyber attack img\" width=\"1024\" height=\"609\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/cyber-g1adf44aa3_1920.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/cyber-g1adf44aa3_1920-300x178.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/cyber-g1adf44aa3_1920-768x457.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/cyber-g1adf44aa3_1920-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4169\" class=\"wp-caption-text\"><em>Image by <a href=\"https:\/\/pixabay.com\/users\/elchinator-10722855\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=5065568\" target=\"_blank\" rel=\"noopener\">Elchinator<\/a> from <a 
href=\"https:\/\/pixabay.com\/\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=5065568\" target=\"_blank\" rel=\"noopener\">Pixabay<\/a>, Edit by Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">The <em>Zerobot botnet<\/em> first appeared in November 2022, targeting devices running the <em>Linux<\/em> operating system; it is based on <em>Go<\/em> (also known as <em>Golang<\/em>), an open-source programming language developed by <em>Google<\/em>. Because of its simplicity, this programming language lets attackers exploit a considerable number of vulnerabilities in <em>IoT<\/em> (<em>Internet of Things<\/em>) devices.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong><span style=\"font-size: 14pt;\">New variant<\/span><\/strong><\/h2>\n<p><span style=\"font-size: 14pt;\">The new variant of the <em>Zerobot botnet<\/em> can carry out <em>brute-force<\/em> attacks and <a href=\"https:\/\/sajberinfo.com\/en\/2022\/04\/25\/ddos\/\" target=\"_blank\" rel=\"noopener\"><em>DDoS<\/em> attacks<\/a>, and can also exploit new vulnerabilities, security researchers at <em>Microsoft<\/em> <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/12\/21\/microsoft-research-uncovers-new-zerobot-capabilities\/\" target=\"_blank\" rel=\"noopener\">have reported<\/a>. 
Attacks can be carried out against various architectures, including <em>i386, amd64, arm, arm64, mips, mips64, mips64le, mipsle, ppc64, ppc64le, riscv64<\/em> and <em>s390x<\/em>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The older version used known vulnerabilities in devices from <em>D-Link, Huawei, RealTek, TOTOLink, Zyxel<\/em> and other manufacturers, whereas the new version now uses brute-force attacks with common usernames and 130 passwords for <em>IoT<\/em> devices. In addition, the attackers have not abandoned the old tactic of exploiting vulnerabilities in <em>IoT<\/em> devices: the botnet could already exploit about 20 vulnerabilities on various devices, and new ones have now been added, namely vulnerabilities in platforms such as <em>Apache, Roxy-WI, Grandstream<\/em> and similar.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong><span style=\"font-size: 14pt;\">Gaining access<\/span><\/strong><\/h2>\n<p><span style=\"font-size: 14pt;\">After gaining access, the <em>Zerobot botnet<\/em> first injects a malicious payload and attempts to take control of the device, after which it scans the network environment for new devices that could be taken over. The network scanning capability also includes the ability to identify and avoid <em>honeypot IP<\/em> addresses, which are used as decoys for attackers. As already mentioned, the <em>Zerobot botnet<\/em> is written in the <em>Go<\/em> programming language and mainly targets devices based on the <em>Linux<\/em> operating system, but researchers have also found several samples that run on the <em>Windows<\/em> operating system. 
These samples are based on a cross-platform remote administration tool (<em>RAT<\/em>) with various functions such as process management, file operations, screen capture and command execution.<\/span><\/p>\n<div id=\"attachment_4170\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4170\" class=\"size-full wp-image-4170\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/octopus-g17212e76b_1280.webp\" alt=\"Zerobot\" width=\"1024\" height=\"706\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/octopus-g17212e76b_1280.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/octopus-g17212e76b_1280-300x207.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/octopus-g17212e76b_1280-768x530.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/octopus-g17212e76b_1280-18x12.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4170\" class=\"wp-caption-text\"><em>Image by <a href=\"https:\/\/pixabay.com\/users\/gdj-1086657\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=1220817\" target=\"_blank\" rel=\"noopener\">Gordon Johnson<\/a> from <a href=\"https:\/\/pixabay.com\/\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=1220817\" target=\"_blank\" rel=\"noopener\">Pixabay<\/a>, Edit by Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<h3><strong><span style=\"font-size: 14pt;\"><em>Zerobot botnet<\/em> as a service<\/span><\/strong><\/h3>\n<p><span style=\"font-size: 14pt;\">The <em>Zerobot botnet<\/em> also comes with a subscription model for access as a service, which makes it easier for attackers to buy access to the malware and to maintain access to compromised networks. 
Buyers of the service also gain the ability to launch <em>DDoS<\/em> attacks, which can be used for extortion, as a diversion, or to disrupt the operations of the targeted organization.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4><span style=\"font-size: 14pt;\">Protection<\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">Strong emphasis is placed on the importance of applying all available updates to devices that are directly affected by the vulnerabilities the botnet uses to attack user devices. In <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/12\/21\/microsoft-research-uncovers-new-zerobot-capabilities\/\" target=\"_blank\" rel=\"noopener\">their blog post<\/a>, the security researchers published a list of the known vulnerabilities that the <em>Zerobot botnet<\/em> exploits. It is also recommended to use security solutions that support cross-platform detection of malware and behavioural patterns. A protection strategy should also include replacing factory-default passwords with <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"noopener\">strong passwords<\/a>, blocking external <em>SSH<\/em> access, using least-privilege access, and using a <a href=\"https:\/\/sajberinfo.com\/en\/2021\/10\/17\/vpn-sigurno-mrezno-povezivanje\/\" target=\"_blank\" rel=\"noopener\"><em>VPN<\/em> service<\/a> for external access.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Malicious actors have upgraded the Zerobot botnet, adding significant improvements that now allow it to attack many more Internet-connected devices. The Zerobot botnet first appeared in November 2022, 
targeting devices running&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4169,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[113,141,130,143],"class_list":["post-4165","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-botnet","tag-linux","tag-microsoft","tag-windows"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4165"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4165\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4169"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}