AT&T Cybersecurity, a standalone AT&T company that consists of AlienVault, AT&T Cybersecurity Consulting and AT&T Managed Security Services, has uncovered cyberattacks involving the Termite and EarthWorm network and penetration testing tools. Hackers are using Termite and EarthWorm to create a botnet of Internet of Things (IoT) devices to launch cyberattacks across chains of desktops, mobile devices, servers and other platforms.
Termite connects chains of machines on a network, and it can be used in conjunction with various platforms. However, cybercriminals are exploiting Termite vulnerabilities to upload and download files and execute shell commands across chains of devices, according to AT&T Cybersecurity.
EarthWorm is an earlier version of Termite. To date, cybercriminals have used EarthWorm malware to spy on targets in Taiwan and launch crypto-mining campaigns, AT&T Cybersecurity stated.
In addition to AT&T Cybersecurity's Termite and EarthWorm discoveries, Symantec last year found that cybercriminals used Termite to attack SingHealth, Singapore's largest public healthcare organization. Termite helped cybercriminals steal approximately 1.5 million SingHealth patient records.
Singapore cybercriminal group Whitefly was responsible for the SingHealth data breach, Symantec indicated. Whitefly used Termite in conjunction with custom malware to execute malicious payloads on victims' computers.
What Can Organizations Learn from the Termite and EarthWorm Cyberattacks?
The Termite and EarthWorm cyberattacks highlight the impact of botnets, i.e. networks of connected devices that are remotely controlled by hackers. Fortunately, the National Cyber Security Alliance offers the following tips to help organizations combat botnet attacks:
- Keep security software, operating systems and web browsers up to date.
- Back up sensitive data and store it safely.
- Create passwords that include at least 12 characters.
- Scan USBs and other external devices for malware.
- Avoid opening suspicious links in emails, social media posts and online ads.
MSSPs also can share the aforementioned tips with their customers. By doing so, MSSPs can help their customers stop botnet attacks.