Rapid Response from Armis
The peer-to-peer Golang botnet FritzFrog has resurfaced after more than a year and has infected a total of 1,500 hosts. Servers belonging to companies in the healthcare, education and government sectors were compromised. “The decentralized botnet called FritzFrog targets any device that exposes an SSH server – cloud instances, data center servers, routers, etc. – and is capable of executing any malicious payload on the infected node,” says the report by security researchers from Akamai Threat Labs, who first discovered FritzFrog in August 2020. According to Akamai Threat Labs, attacks have been on the rise again since December 2021, with the infection rate growing 10-fold within a month. In January of this year, the wave of infections reached its peak with 500 incidents per day.
Andy Norton, European Cyber Risk Officer at Armis
“Fileless attacks on IoT devices are indeed one of the newer threat waves for companies,” says Andy Norton, European Cyber Risk Officer at Armis. “But the current state of the art also includes securing devices that cannot use a security agent. Companies cannot afford to have blind spots in their asset inventory just because the devices they use cannot be protected by typical IT security controls. This type of threat requires a different approach, which is commonly called collective intelligence. Collective intelligence is a dynamic analysis of the behavioral activities of a device from the perspective of variance, prevalence and significance. This allows companies to detect when one of their devices begins to behave differently than before, in comparison with its genomic counterparts and during a critical period when a vulnerability or exploit was actively circulating. In the case of FritzFrog, Monero mining activities and new services would be detected immediately on a device, so that it is possible to react almost in real time.”
Akamai Threat Labs says it has detected infected computers on a European television network, a Russian manufacturer of health equipment and several universities in East Asia. A large number of infected devices have been found in China.