A new cyberattack, called Matrix, is disrupting internet-connected devices like routers, surveillance cameras, and telecom equipment. Researchers from Aqua Security have warned that up to 35 million devices could be affected.
The attack, a distributed denial-of-service (DDoS) campaign, is believed to be launched by a Russian hacker group targeting weaknesses in a wide range of IoT (Internet of Things) devices.
The attackers exploit vulnerabilities in devices with outdated firmware or weak login credentials, like default usernames and passwords.
Once compromised, these devices are added to a botnet, amplifying the scale of the DDoS attack. Routers, digital video recorders, and Linux-based systems are among the most vulnerable targets.
Aqua Securityโs report shows that the attackers use basic brute-force methods to access devices and exploit known flaws in routers like ZTE and GPON models.
Other targets include IoT devices and enterprise systems running platforms like Hi3520 and Apache Hadoop. These attacks highlight the growing trend of cybercriminals using simple, open-source tools to orchestrate large-scale disruptions.
The Matrix attack also illustrates the shift from crypto-mining to DDoS campaigns using IoT and enterprise vulnerabilities.
Despite requiring minimal technical skill, this campaign has caused widespread disruption, proving that even less-experienced attackers can launch powerful attacks.
Protecting Against Matrix
To protect against the Matrix attack, Aqua Security recommends updating device firmware, using strong passwords, and disabling default credentials.
Businesses should also patch known vulnerabilities, monitor networks for unusual activity, and implement network segmentation to safeguard against botnet attacks.
The Matrix campaign underscores the need for stronger security measures for both personal and business devices, as cybercriminals continue to evolve their tactics.