It comes with a warning to CISOs, as well as to vendors, to implement more thorough patch management to protect their devices from being taken over.
Included in the Integrity Tech botnet are unpatched devices from enterprise hardware manufacturers such as Cisco Systems (its Small Business series routers and Adaptive Security Appliances), Fortinet, and QNAP, as well as applications from software makers like Microsoft (Windows), IBM (Tivoli and WebSphere Application Server), Atlassian (Confluence Data Center and Server), and Apache (applications with the Log4j2 logging code).
The devices are largely being compromised through unpatched vulnerabilities. A number of experts have previously reported that network devices are being compromised because they no longer get security patches from their manufacturers. In fact, this report notes that some devices and applications in the botnet stopped getting manufacturer support as far back as 2016, and some affected devices were running Linux kernels as old as version 2.6, whose support ended in 2011.