Termite and EarthWorm Cyberattacks: Here’s What MSSPs Need to Know

AT&T Cybersecurity, a standalone AT&T company that consists of  AlienVault, AT&T Cybersecurity Consulting and AT&T Managed Security Services, has uncovered cyberattacks involving the Termite and EarthWorm network and penetration testing tools. Hackers are using Termite and EarthWorm to create a botnet of Internet of Things (IoT) devices to launch cyberattacks across chains of desktops, mobile devices, servers and other platforms.

Termite connects chains of machines on a network, and it can be used in conjunction with various platforms. However, cybercriminals are exploiting Termite vulnerabilities to upload and download files and execute shell commands across chains of devices, according to AT&T Cybersecurity.

EarthWorm is an earlier version of Termite. To date, cybercriminals have used EarthWorm malware to spy on targets in Taiwan and launch crypto-mining campaigns, AT&T Cybersecurity stated.

In addition to AT&T Cybersecurity's Termite and EarthWorm discoveries, Symantec last year found that cybercriminals used Termite to attack SingHealth, Singapore's largest public healthcare organization. Termite helped cybercriminals steal approximately 1.5 million SingHealth patient records.

Singapore cybercriminal group Whitefly was responsible for the SingHealth data breach, Symantec indicated. Whitefly used Termite in conjunction with custom malware to execute malicious payloads on victims' computers.

What Can Organizations Learn from the Termite and EarthWorm Cyberattacks?

The Termite and EarthWorm cyberattacks highlight the impact of botnets, i.e. networks of connected devices that are remotely controlled by hackers. Fortunately, the National Cyber Security Alliance offers the following tips to help organizations combat botnet attacks:

MSSPs also can share the aforementioned tips with their customers. By doing so, MSSPs can help their customers stop botnet attacks.