IT Examiner School - Oct 2025

How does it work?
• Works like a traditional botnet, patrolling the internet for a good time.
• The good time translates to vulnerabilities in internet-connected devices (routers, cameras, etc.), such as weak administrator rights, factory settings, and devices that are not up to date.
• Attack strategies include “Living off the Land”, “Hiding in Plain Sight”, or other sleeper methods.
• The goal is to wait and not draw attention to the breach.

Controls to look for…
• Perform robust cyber security assessments. Refer to NIST’s Cyber Framework (V2).
• Implement multifactor authentication.
• Review and change factory configuration settings (eliminate backdoors). An entity should periodically review configuration settings as a practice.
• Implement version control standards and a robust patch management program.
