The Department of Information and Communications Technology (DICT) through the National Cyber Security Center (NCSC) issues this advisory to inform network operators, businesses and the general public about the growing number of compromised internet-connected devices in the Oceania region as part of a broader wave of compromised nodes (a “botnet”) positioned for malicious activity.
This advisory has been released to highlight the threat posed by these actors and their botnet activity, and to encourage owners and operators of exposed devices to update and secure their devices so that they are not compromised and joined to the botnet. The range of devices being targeted includes small office/home office (SOHO) routers, firewalls, network-attached storage (NAS) and Internet of Things (IoT) devices. The botnet included more than 260,000 compromised devices as of June 2024, with an estimated 2,400 devices in the Oceania region, which constitutes approximately 0.9% of the botnet.
As with similar botnets, this botnet infrastructure is comprised of a network of devices, known as “bots”, which are infected with a type of malware that provides threat actors with unauthorized remote access. A botnet can be used for a number of purposes, including distributed denial of service (DDoS) attacks, hiding identities to conduct malicious activity and gaining unauthorized access to sensitive networks leading to data breaches and other cyber security incidents.
All owners, vendors and operators of internet-connected devices are encouraged to take the following actions to protect their devices and systems:
- Apply patches and updates, including software and firmware updates provided by the device manufacturer.
- Default Credentials: Replace default credentials with strong and unique passwords, not shared across devices and systems.
- Disable Unwanted Services: Deactivate unused services or features to avoid exposure of devices to the Internet.
- Device Activity Monitoring: Continuously observe network traffic and device performance for suspicious activity indicative of a compromise.
- Firewalls and Network Segmentation: Reduce the attack surface of critical systems by segmenting IoT and other devices from core networks.
- Plan for device reboots: Rebooting a device terminates all running processes, which may remove specific types of malware that run in the host’s memory. Some devices provide scheduled reboot features, enabling reboots to occur at preferred times. If a compromised device fails to respond to reboot commands issued remotely, reboot it physically.
- Replace end-of-life equipment with devices that are covered by the vendor’s support plan.
This advisory is part of the ongoing effort by the international community to mitigate the impact of botnets and other malicious cyber activities. Network defenders, cybersecurity professionals, and members of the public should take immediate action to guard against this threat.
Prompt action is crucial in addressing these critical vulnerabilities to ensure the security and stability of your organization’s systems and data. By remaining vigilant and keeping your infrastructure up-to-date, you can effectively safeguard against potential cyber threats. The NCSC and the Department of ICT are dedicated to promoting a secure digital environment, and we encourage all stakeholders to adhere to the recommended actions for enhanced cybersecurity resilience.
For any further assistance or inquiries, please reach out to the National Cyber Security Center (NCSC). Together, let us prioritize cybersecurity and protect Papua New Guinea’s digital landscape.