IoT botnet attacks continue, copycat emerges

internet of things security CSC Blogs

According to a MalwareMustDie.org blog post, a new botnet malware built on an older DDoS botnet aims to recruit the same kind of vulnerable devices that the recent Mirai IoT botnet exploited.

The new creation, dubbed Linux/IRCTelnet, was first identified by researchers at MalwareMustDie.org. It compromises IoT devices by logging in over Telnet with a hard-coded list of default credentials. The bot is based on the Aidra botnet code and takes its orders from commands sent over an IRC server.
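The infection vector above (a bot cycling through a fixed list of factory-default Telnet logins) leaves a recognisable trace in any Telnet honeypot or login log. The following is an added example, not code from the page or from MalwareMustDie.org: it runs simple detection logic over a constructed, Cowrie-style JSON-lines honeypot log and flags source addresses that try several known IoT default pairs. The credential list is a small subset of the public Mirai list and the log format models only the fields used here; both are assumptions.

```python
"""Spot Mirai/IRCTelnet-style default-credential scanning in Telnet honeypot logs."""
import json
from collections import defaultdict

# Small subset of the factory-default username/password pairs that Mirai-family
# bots try over Telnet (assumption: drawn from the public Mirai credential list;
# a real deployment would load the full list from a file).
IOT_DEFAULT_CREDS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", ""),
    ("admin", "password"), ("root", "root"), ("root", "12345"), ("user", "user"),
    ("admin", ""), ("root", "pass"), ("ubnt", "ubnt"), ("root", "7ujMko0vizxv"),
}

# Constructed sample log in the JSON-lines shape a Cowrie-style Telnet honeypot
# emits (assumption: only eventid, src_ip, username and password are modelled).
SAMPLE_LOG = """\
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.5", "username": "root", "password": "xc3511", "timestamp": "2016-11-01T10:00:01Z"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.5", "username": "root", "password": "vizxv", "timestamp": "2016-11-01T10:00:02Z"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.5", "username": "admin", "password": "admin", "timestamp": "2016-11-01T10:00:03Z"}
{"eventid": "cowrie.login.success", "src_ip": "203.0.113.5", "username": "root", "password": "7ujMko0vizxv", "timestamp": "2016-11-01T10:00:04Z"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "username": "alice", "password": "correct horse", "timestamp": "2016-11-01T10:05:00Z"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.7", "username": "alice", "password": "battery staple", "timestamp": "2016-11-01T10:05:01Z"}
{"eventid": "cowrie.login.failed", "src_ip": "192.0.2.9", "username": "root", "password": "admin", "timestamp": "2016-11-01T10:07:00Z"}
{"eventid": "cowrie.session.closed", "src_ip": "192.0.2.9", "timestamp": "2016-11-01T10:07:05Z"}
"""


def parse_login_events(text):
    """Return only login events; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("eventid") in ("cowrie.login.failed", "cowrie.login.success"):
            events.append(rec)
    return events


def score_sources(events, min_default_pairs=2):
    """Per source IP, count distinct default pairs tried and note any success.

    A source that cycles through several factory defaults is behaving like a
    Mirai/IRCTelnet scanner; a success on a default pair is rated critical
    because it means a real device with that login would have been taken.
    """
    by_src = defaultdict(lambda: {"default_pairs": set(), "success": False, "attempts": 0})
    for e in events:
        s = by_src[e["src_ip"]]
        s["attempts"] += 1
        pair = (e.get("username", ""), e.get("password", ""))
        if pair in IOT_DEFAULT_CREDS:
            s["default_pairs"].add(pair)
        if e["eventid"] == "cowrie.login.success":
            s["success"] = True
    alerts = {}
    for src, s in by_src.items():
        if len(s["default_pairs"]) >= min_default_pairs:
            alerts[src] = {
                "severity": "critical" if s["success"] else "high",
                "default_pairs": len(s["default_pairs"]),
                "attempts": s["attempts"],
            }
    return alerts


def detect(text, min_default_pairs=2):
    return score_sources(parse_login_events(text), min_default_pairs)


if __name__ == "__main__":
    for src, a in sorted(detect(SAMPLE_LOG).items()):
        print(f"{src}: {a['severity']} ({a['default_pairs']} default pairs in {a['attempts']} attempts)")
```

On the sample log only 203.0.113.5 is flagged (four distinct default pairs, one successful), the human-looking guesses from 198.51.100.7 never match the default list, and the single root/admin try from 192.0.2.9 stays below the threshold of two pairs; lowering `min_default_pairs` to 1 surfaces it as a high-severity alert, which is the usual trade-off between catching slow scanners and drowning in single-guess noise.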

If there was any doubt before, it’s clear now that IoT devices are a new front in the denial-of-service wars.

It’s still unknown whether this new botnet malware will be successful. Either way, it shows that the success of the Mirai botnet, the general vulnerability of IoT devices and the widespread availability of botnet source code make for a troublesome cocktail.

In another bit of alarming news, according to this story in CSOonline, botnets that are fueled at least partially by Mirai are attacking new and random targets. “Copycat hackers have been taking advantage of the Mirai malware ever since the source code was released on an online forum September 30. So far, 23 unique command-and-control servers have been connected with Mirai activity…” reports IDG News Service’s Michael Kan.

These sporadic attacks are likely a mix of attackers who have commandeered Mirai-powered botnets and DDoS-for-hire services built on the same code.

As reported by Jai Vijayan in Dark Reading, researchers are cooking up potentially novel (and dangerous) ideas to help combat these botnets. According to Vijayan’s story, “Leo Linsky, a software engineer with network monitoring firm PacketSled, has released code on GitHub for a worm he developed that is capable of infiltrating IoT products protected only with default credentials and changing those weak passwords.”

He describes this anti-worm worm as a purely academic project intended only to show proof-of-concept. “The idea is to show that devices can be patched by a worm that deletes itself after changing the password to something device-specific or random,” Vijayan reports.

While such an idea makes for a fun fantasy, as Vijayan noted, it’s not likely to happen, at least not at the hands of legitimate security researchers. Beyond it being blatantly illegal to dispatch worms to patch IoT devices on networks one doesn’t own or even operate, the notion is fraught with peril: the worm could cause more device and network disruption than it fixes, and a password rotated to a random value locks out the legitimate owner along with the attacker.

Unfortunately, IoT-related attacks will only abate when IoT device makers decide they have to design and ship devices that are securable out of the box.

RELATED LINKS

Welcome to the wonderful world of hijacked IoT devices

Security lags as IoT moves from prototype to deployment

The good (and bad) news behind the Dyn DNS DDoS attacks

Comments

  1. Tim Coote says:

    As I’ve noted elsewhere, the security economics mean that the device manufacturers are unlikely to incur the costs of improving the security of the devices. What I find interesting is the legal aspects. If I buy a house and leave the door open, then my neglect is contributing to my loss. However, in this situation, I can buy a gun that can be used by someone in a different jurisdiction to attack others in a third (fourth, etc). At the level of the individual, it’s hard to claim that specific damage was caused by a specific person’s actions or omissions. It’s going to require significant and concerted diplomatic efforts to fix this situation.

