Water Barghest Botnet Comprised 20,000+ IoT Devices By Exploiting Vulnerabilities

Water Barghest, a sophisticated botnet, exploits vulnerabilities in IoT devices to enlist them in a residential proxy marketplace by leveraging automated scripts to identify vulnerable devices from public databases like Shodan. 

When the device is compromised, the Ngioweb malware is installed in a stealthy manner, thereby establishing a connection to command-and-control servers.

The infected device is rapidly registered as a proxy, often within 10 minutes, enabling immediate monetization through the proxy marketplace, which highlights the significant threat posed by Water Barghest to IoT security.

It automates the process of exploiting vulnerable IoT devices, starting with acquiring n-day or zero-day exploits by using Shodan to identify vulnerable devices and their IP addresses, then launches attacks using data-center IP addresses.

Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar

Successful attacks lead to the installation of Ngioweb malware, which registers with a C&C server ...