Zerobot's two infection methods, credential brute force and exploitation of known vulnerabilities, are both preventable with a few standard measures.

First, keep every device on the network current on patches, especially anything reachable from the Internet. The operators depend on devices staying unpatched to compromise them and grow the botnet; an organization that keeps its Internet-facing devices updated removes the entry point and keeps its systems from being turned into DDoS sources.

Second, expose remote administration protocols such as SSH and Telnet to the Internet only where there is a genuine need. Any device that does expose them should be reviewed to confirm the exposure is required, and Telnet in particular should be retired, since it carries credentials and sessions in plaintext. Where Internet-facing SSH is unavoidable, use public key authentication for every account and disable password logins; if passwords must remain enabled, they need to be long and unique so that brute forcing is impractical.

Finally, deploy and maintain both network-level and endpoint-level security controls to prevent and detect infection. Network monitoring can detect, and potentially block, an infected host taking part in a DDoS attack by watching for unusual volumes of traffic from one internal host to a single destination. Endpoint controls can detect and block the Zerobot payload before it executes, so the device never joins the botnet in the first place.
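Two of the controls above, turned into runnable checks. This is an added example, not code from the article or from Zerobot's operators: the first part audits an sshd_config for password-based remote access (including the trap that sshd honours the first value it reads for a keyword, so a hardening line appended at the bottom of a file does nothing), and the second part triages flow records to flag inbound SSH/Telnet brute forcing and an internal host pushing almost all of its outbound packets at one destination. The config text and the flow records are constructed inline; the flow field order (ts, src, dst, dport, pkts, bytes) and the 10/8 "inside" prefix are assumptions.

```python
"""Added example: an sshd_config audit and flow-record triage for the two
Zerobot behaviours discussed above (SSH/Telnet brute force, DDoS participation).
Not code from the article.  Configs and flows are constructed; the flow field
order (ts, src, dst, dport, pkts, bytes) is an assumption modelled on NetFlow.
"""
import re
from collections import defaultdict

# --- 1. sshd_config audit ---------------------------------------------------
# Constructed configs.  sshd uses the FIRST value it reads for a keyword, so
# the "hardening" line appended at the bottom of WEAK is silently ignored.
WEAK_SSHD_CONFIG = """
PermitRootLogin yes
PasswordAuthentication yes
# appended later without removing the line above
PasswordAuthentication no
"""

HARDENED_SSHD_CONFIG = """
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
"""

def effective_sshd_options(text):
    """Return {keyword: value} for the global section, first occurrence wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        key = key.lower()
        if key == "match":
            break  # assumption: Match blocks are out of scope for this audit
        opts.setdefault(key, value.strip())
    return opts

def audit_sshd_config(text):
    """Return a list of findings; an empty list means no weak setting was found."""
    opts = effective_sshd_options(text)
    findings = []
    # sshd defaults: PasswordAuthentication yes, KbdInteractiveAuthentication yes,
    # PubkeyAuthentication yes, PermitRootLogin prohibit-password
    if opts.get("passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication effectively yes: brute-forceable")
    if opts.get("kbdinteractiveauthentication", "yes") == "yes":
        findings.append("KbdInteractiveAuthentication effectively yes: PAM passwords still accepted")
    if opts.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication disabled")
    if opts.get("permitrootlogin", "prohibit-password") == "yes":
        findings.append("PermitRootLogin yes: root reachable with a password")
    return findings

# --- 2. flow-record triage --------------------------------------------------
# Constructed flows covering one collection interval.
SAMPLE_FLOWS = [
    # external host opening 40 short connections to SSH on an internal server
    *[(1000 + i, "203.0.113.9", "10.0.0.5", 22, 8, 1200) for i in range(40)],
    # internal host pushing almost all of its packets at one external target
    *[(1000 + i, "10.0.0.7", "198.51.100.20", 80, 5000, 300000) for i in range(12)],
    # benign workstation traffic spread across several destinations
    (1001, "10.0.0.8", "198.51.100.30", 443, 40, 60000),
    (1003, "10.0.0.8", "198.51.100.31", 443, 35, 52000),
    (1005, "10.0.0.8", "198.51.100.32", 443, 60, 90000),
]
INTERNAL_PREFIXES = ("10.",)  # assumption: 10/8 is the inside network
REMOTE_ADMIN_PORTS = {22, 23}  # SSH and Telnet

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIXES)

def detect_bruteforce(flows, min_flows=20):
    """{(src, dst, port): flows} for external sources hammering one internal SSH/Telnet port."""
    counts = defaultdict(int)
    for _ts, src, dst, dport, _pkts, _bytes in flows:
        if dport in REMOTE_ADMIN_PORTS and not is_internal(src) and is_internal(dst):
            counts[(src, dst, dport)] += 1
    return {k: n for k, n in counts.items() if n >= min_flows}

def detect_ddos_participation(flows, min_pkts=10000, min_share=0.9):
    """{src: (dst, pkts)} for internal hosts sending >= min_pkts outbound with
    at least min_share of them to a single destination, the DDoS signature."""
    per_src, per_pair = defaultdict(int), defaultdict(int)
    for _ts, src, dst, _dport, pkts, _bytes in flows:
        if is_internal(src) and not is_internal(dst):
            per_src[src] += pkts
            per_pair[(src, dst)] += pkts
    return {src: (dst, n) for (src, dst), n in per_pair.items()
            if per_src[src] >= min_pkts and n / per_src[src] >= min_share}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(name, audit_sshd_config(cfg) or ["ok"])
    print("brute force:", detect_bruteforce(SAMPLE_FLOWS))
    print("ddos participation:", detect_ddos_participation(SAMPLE_FLOWS))
```

The thresholds (20 flows, 10,000 packets, 90% to one destination) are illustrative and should be tuned against a baseline of the network's normal traffic; the per-destination share is what separates a flooding bot from a busy but legitimate host, since an infected device aimed at one target sends nearly everything to that target.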
https://thehackernews.com/2022/12/zerobot-botnet-emerges-as-growing.html

