BitDefender researchers have recently identified a new botnet, dubbed “dark_nexus”. This botnet works similarly to the Mirai botnet from back in 2016, but with a focus on compromising IoT devices to perform distributed denial of service (DDoS) attacks.

This botnet grows primarily by using credentials stuffing attacks against different types of devices such as routers, video recorders, cameras and enlists them on to the botnet upon successful exploitation.

Credential stuffing is an attack which involves the automated injection of breached username and password pairs to gain unauthorised access to a user or administrator account. These credentials are collected though leaks and are inserted in mass quantities, similar to a traditional brute force attack.

Credential stuffing attacks are possible primarily due to user error, exploiting the reused username and password combination across multiple services. Usernames and passwords are often breached in pairs, and this information is used to ‘stuff’ these into different services to gain access.

You can mitigate credential stuffing is to ensure that each device, service, and account you access all have unique passwords.

READ MORE: Managing and monitoring your network

This will reduce the overall effectiveness of this attack by restricting the applicability of breached credentials to a single account.

In the case of Dark Nexus, without specifics, devices are compromised via the credential stuffing attack vector in large quantities, and these devices are subsequently added to the pool of botnet devices, which are typically rented out to attackers for their denial of service attacks.

Most commonly, when your device is subjected to an attack which is designed to enlist it into a botnet, your device will be rented out to conduct malicious and often illegal activity.

Our guidance is to continue practising best security practice both within your organisation and personally and pay close attention to your procedures surround password reuse, especially for these attacks.