Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
The FBI says a million smart TV devices are part of the BadBox 2.0 botnet. An unpatched critical vulnerability in some security camera DVRs. Botnet police busts forcing criminals away from bulletproof hosts to using residential proxies. And ask your vendors about their post-quantum crypto plans, say experts.
(00:21):
Finally, White House dismantles Biden-era cybersecurity policy in latest executive order. This is Cybersecurity Today, and I'm your host, David Shipley. Let's kick things off with a major warning from the FBI. They flagged a massive malware campaign called BadBox 2.0, which has already compromised 1 million consumer devices around the world.
(00:46):
We're talking about Android-based smart TVs, streaming boxes, tablets, projectors, you name it. Most of them are cheap no-name devices built in mainland China and shipped globally. But here's the kicker. These things either come preloaded with malware or get infected during setup via malicious apps or fake firmware updates.
(01:06):
Once they're compromised, these devices become part of the BadBox 2.0 botnet, which connects them to a criminal command and control system, and then the fun really begins. They're turned into residential proxies, which means criminals can route their traffic through your home IP address to hide their activity. They're often used in ad fraud scams, generating fake clicks for revenue, and
(01:29):
they're enabling credential stuffing attacks, trying stolen usernames and passwords across hundreds of sites, using your network. This isn't exactly new though. BadBox first showed up in 2023, and in 2024 German authorities managed to disrupt part of the network, but the crooks bounced back pretty fast. Within a week, researchers found 192,000 more infected devices, and now even
(01:53):
mainstream brands like Yandex TVs and Hisense smartphones are getting hit. As of March 2025, cybersecurity company HUMAN's Satori Threat Intelligence team says the botnet has topped 1 million devices and spread to more than 200 countries, the biggest infection hotspots being Brazil, the
(02:14):
United States, Mexico, and Argentina. Now here's a technical footnote. These devices run the Android Open Source Project, not the official Android TV OS or Play Protect certified systems. So if you're bargain hunting on tech websites, say Temu, installing sketchy apps, you may be bringing home more than a streaming box.
(02:38):
Be careful. Now, while BadBox 2.0 is making a lot of noise, it's not the only botnet in the headlines. Over in the digital video recording, or DVR, world, there's a new variant of the infamous Mirai malware that's targeting TBK DVR-4140 and DVR-4216 devices.
(03:00):
Bad guys are exploiting a command injection vulnerability tracked as CVE-2024-3721 that lets them take control of these devices with a specially crafted POST request. The vulnerability was disclosed in April 2024 by a researcher going by the name netsecfish, and now cybersecurity firm
(03:20):
Kaspersky says that their Linux honeypots are seeing active exploitation. Once devices are infected, the DVRs download malware and join a botnet used for DDoS traffic, proxying, and more. Estimates vary, but there are somewhere between 50 and 114,000 exposed DVRs out there, depending on whose telemetry you trust.
(03:42):
Kaspersky says the infections are hitting China, India, Egypt, Ukraine, Russia, Turkey, and Brazil particularly hard. But a heads up: because Kaspersky products are banned now in several countries, including the United States, this may not be the full picture. Now let's talk cybersecurity infrastructure and one of the major drivers for why botnets are back in the headlines in a big way.
(04:07):
For years, criminals have relied on so-called bulletproof hosts to run their operations. Basically sketchy hosting companies that would look the other way, would not respond to law enforcement, or were hosted in countries that didn't care. But with international law enforcement turning up the heat, there is a shift happening. At the SleuthCon conference in Arlington, Virginia,
(04:27):
last week, Team Simon researcher altrit outlined how crooks are ditching sketchy web hosts and moving to VPNs and proxy networks that are much harder to trace. These services mix legitimate and malicious traffic, making it tough to separate the good from the bad. Now what's especially concerning is the rise of residential proxy networks where
(04:49):
traffic flows through people's home devices like old Android phones, dusty laptops, smart TVs that aren't updated. These offer real, fresh, rotating IPs, which makes it a nightmare for detection systems and law enforcement. It is the equivalent of hiding in plain sight, and it's gonna be a major thorn
(05:10):
in the side of things like conditional access policies that look to restrict bad actors' access through IP ranges from foreign jurisdictions. As Ronnie Toky from Intelligence for Good put it, if attackers are coming from the same IP ranges as your employees, good luck spotting them. Now, after this botnet bonanza, let's pull back and talk about another issue.
(05:33):
And it's the looming specter of what's referred to as the quantum computing moment, where it breaks conventional encryption, or as some folks are calling it, Q-Day. At the Infosecurity Europe conference this week, experts called on CISOs to start pressuring vendors for clear post-quantum cryptography, or PQC, readiness roadmaps.
(05:55):
The idea: even though quantum computers powerful enough to break most encryption aren't here yet, there's a big concern about harvest now, decrypt later strategies that criminals are using. Now in theory, here's how this attack would work. Adversaries collect encrypted data from an attack, say it's an extortion ransomware attack with the exfil of data.
(06:17):
Uh, but they can't break through it, but they store it and then they wait until quantum systems can crack it, and that could be years away. Nobody knows for sure. Now here's a dose of healthy skepticism. While Q-Day is a real possibility, we haven't seen confirmed widespread harvest now, decrypt later campaigns in the wild in any of the big busts by law enforcement.
(06:40):
We haven't seen solid evidence that criminals have been sitting on huge amounts of encrypted data ready to crack. Reality is they're sitting on a lot of unencrypted data, so it's important not to let fear run the show. Instead, we should use this moment to make sure we're doing smart things like inventorying where and how we use encryption, what
(07:00):
systems we're using, and thinking about our planning and supply chain vetting, which are always good ideas. All right, let's end with a major policy U-turn coming out of Washington. Late last week, on Friday, President Donald Trump signed a new executive order that wiped a whole slate of cybersecurity initiatives put in place by former President Joe Biden.
(07:23):
According to the Trump administration, those efforts were more about problematic and distracting issues than actual cybersecurity. The new executive order makes big claims, saying it's focused on technical and organizational professionalism to improve America's digital defenses. But let's be clear, this is a massive regulatory rollback. One
(07:46):
of the most consequential changes: Trump scrapped Biden's efforts to use federal procurement muscle to push better software security. Remember, this initiative came after years of high-profile breaches, think SolarWinds, MOVEit, Log4j, that were linked to weak supply chain software controls. Biden's 2021 executive order started the shift, and by 2024 the
(08:08):
government was planning to require secure software attestations where vendors had to prove with technical data that their products followed modern secure development practices. Trump's new order erases those requirements. Specifically, gone are secure software attestations for federal contractors, CISA's role in
(08:29):
verifying those attestations, oversight from the National Cybersecurity Director, and provisions for referring bad actors to the Justice Department. Instead, the Trump team calls Biden's approach an unproven and burdensome software accounting process that valued checklists over real security. The only thing still standing: a collaborative effort with NIST to
(08:50):
improve the software development framework, but now it's just voluntary. No federal enforcement teeth. Now what about AI? AI security. It's cut too. Trump took the knife to AI and cyber defense initiatives. Biden's orders had pushed for federal research into how AI could be used to defend critical infrastructure, especially in sectors like energy.
(09:12):
That included research on secure AI coding tools, designing trustworthy AI systems, and using advanced AI for cyber defense within the Pentagon. That's all gone. Trump's new executive order axes the research priorities, the mandates, and those plans to use AI in federal cyber operations. And in fact, the message is, let's let the private sector figure it out.
(09:32):
Don't bake it into government strategy. When it comes to quantum cryptography, that got gutted too. Biden's original order tried to jumpstart post-quantum cryptography. That's the stuff we were just talking about earlier that we need to do to stay ahead of when quantum can break today's encryption. Biden's order told agencies to start migrating to quantum-safe algorithms,
(09:55):
to push vendors to do the same, and also to put efforts in place to coordinate with allies and get global adoption of NIST post-quantum computing standards. Trump's order leaves just one piece. CISA still has to keep a list of product categories that support post-quantum crypto. Everything else scrubbed.
(10:15):
No more urgency to migrate. No more push to get vendors or allies moving, and no clear guidance from NIST on the minimum security bar federal contractors should be meeting. And the cuts don't stop there. Trump's new directive also eliminates a plan to test phishing-resistant authentication, NIST-led guidance on internet routing security, a requirement for strong
(10:36):
email encryption across agencies, and OMB's role in managing risk tied to IT vendor concentration. So what does this all mean? In short, we've just watched a major shift in US federal cybersecurity posture. Biden's approach focused on long-term resilience, supply chain accountability, and preparing for an AI and quantum future. Trump's order?
(10:56):
It's a return to minimal federal oversight, heavy on rhetoric about cutting red tape, but light on actual replacement strategy. Now you can agree or disagree with the idea that Biden's security initiatives were too heavy-handed. But here's the rub. Without those mechanisms, what's gonna push software vendors, cloud providers, and AI developers to build more secure systems?
(11:19):
We're seeing more attacks, more automated cybercrime, and greater reliance on critical digital infrastructure than ever before in society. This rollback might win points with industry on paperwork, but it leaves a lot of unanswered questions about long-term digital defense. Bottom line, whether it's malware hiding in your TV, DVRs joining botnets,
(11:41):
criminals using your toaster as a VPN exit node, or hype around Q-Day, we need to keep cool heads and take smart action. Meanwhile, in Washington, cyber policy just got sent back to party like it's 1999. That's all for now. Stay patched, stay skeptical, and don't plug in anything you've got for $20 off Amazon or Temu without thinking twice.
(12:04):
We're always interested in your opinion, and you can contact us at editorial@technewsday.ca or leave a comment under the YouTube video. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.