According to a report published by researchers at Microsoft on December 16, this new botnet is utilized in order to aid DDoS attacks on Minecraft servers. This may sound trivial, but enterprises must take an account since this botnet could potentially as well target Windows and Linux devices, spreading rapidly without being detected.
Launch of The Attack
The attack begins with the online user downloading malicious downloads of “cracked” Windows licenses.
"The botnet spreads by enumerating default credentials on internet-exposed Secure Shell (SSH)-enabled devices […] Because IoT devices are commonly enabled for remote configuration with potentially insecure settings, these devices could be at risk to attacks like this botnet," the Defender team explains in a report.
The security researchers further recommend that organizations strengthen their device network in order to evade any such threats. It was furthermore revealed that most of the devices infected were in Russia.
Enterprises Beware
The sheer number of potentially targeted servers and the scarce cyber protection on private Minecraft servers, make this botnet a threat to be taken seriously by the cybersecurity teams, warns Patrick Tiquet, Vice president of security architecture at Keeper Security.
"The concern in this scenario is that there are a large number of servers that can potentially be compromised and then weaponized against other systems, including enterprise assets […] Gaming servers such as Minecraft are typically managed by private individuals who may or may not be interested in or capable of patching and following cybersecurity best-practices. As a result, this vulnerability could continue unmitigated on a large scale for an extended period of time and could potentially be leveraged to target enterprises in the future," he explains.
Besides the malware, Microsoft’s recommendations are a smart idea for safeguarding the company against all kinds of botnets, not simply those that target Minecraft, according to Mike Parkin of Vulcan Cyber.
